CN115412373A - Method and system for safely accessing mechanical-electrical integrated industrial control network - Google Patents


Publication number
CN115412373A
Authority
CN
China
Prior art keywords
user
control network
industrial control
binary group
commands
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211353490.4A
Other languages
Chinese (zh)
Other versions
CN115412373B (en)
Inventor
李铁成
王勇
王超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Network Xin'an Technology Co ltd
Original Assignee
China Network Xin'an Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention provides a method and a system for safely accessing a mechatronic industrial control network. The method comprises: obtaining historical input information entered by each user through an operation terminal in the industrial control network, wherein the historical input information comprises input commands and the time intervals between the input commands; generating the operation habit of each user from the historical input information; detecting the input of a first user in real time, forming a two-tuple from two successively received input commands, determining a first time interval between the two commands in the two-tuple, obtaining the mean and variance of the corresponding two-tuple type from the operation habit of the corresponding user, and considering that the user's operation habit is met when the first time interval falls within two standard deviations of the corresponding two-tuple type, and otherwise considering that the account is abnormal; and, if the first user's account is abnormal, prohibiting the first user from accessing the industrial control network. The invention simply and effectively checks whether the account of a specific user is normal in order to determine the security of access to the industrial control network.

Description

Method and system for safely accessing mechanical-electrical integrated industrial control network
Technical Field
The invention relates to the field of safety of mechatronic industrial control networks, in particular to a method and a system for safely accessing a mechatronic industrial control network.
Background
Mechatronics is a branch of mechanical engineering and automation. With the development of information technology, more and more traditional factories are undergoing informatization, gradually becoming mechatronic. In a mechatronic plant, an operator typically issues commands through a computer system to a controller to perform a predetermined production task. Therefore, a network consisting of a control system, user terminals, and the like, i.e., an industrial control network, inevitably exists in a mechatronic plant.
Because the main function of a traditional industrial control network is to complete industrial production, it was designed without security in mind and is easily attacked in an open network environment. To protect the industrial control network, the prior art usually hardens it by means such as firewalls and traffic analysis. However, if an operator's account is stolen, illegal activities are carried out through the operator's operation terminal without sending a large number of packets, so the traffic closely resembles normal operation, and it is then difficult to confirm that the industrial control network has been intruded.
As shown in fig. 1, in an industrial control network, an operation terminal generally controls an industrial controller in an intranet through a gateway and a security server, thereby controlling an industrial device. Different from the traditional internet, data in the industrial control network is simpler, downlink data (sent to the controller by the operation terminal) are usually some PLC control commands, and uplink data (sent to the operation terminal by the controller) are usually return parameters, logs, sensor monitoring data and the like.
Because the downlink data is relatively simple, some solutions have appeared that identify the characteristics of the downlink data to determine whether an access security problem exists in the network, for example, an "industrial control network traffic anomaly detection method based on a fusion markov model" proposed by markov et al., and an "industrial control system anomaly detection method based on LSTM under a digital twin view angle" proposed by xubo et al. All of these can identify whether the network has been intruded by detecting the characteristics of historical traffic, but the above models have the following problems: 1. the specific terminal that has been intruded cannot be identified; 2. the modeling process is too complex and requires excessive computing resources for detection, which places too high a performance requirement on the server.
Disclosure of Invention
In order to solve the problems in the background art, the invention provides a method and a system for safely accessing a mechatronic industrial control network.
On one hand, the invention provides a method for safely accessing a mechatronic industrial control network, wherein the industrial control network consists of at least one operation terminal, at least one security server and at least one industrial controller, the operation terminal is connected with the security server, and the controller is connected with the security server; the method is applied to the security server; the method specifically comprises the following steps:
step S1, obtaining historical input information entered by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and the time intervals between the input commands;
step S2, generating an operation habit of each user according to the historical input information: combining each command and the command that follows it into a two-tuple according to the input order, and recording the time interval between the two commands of each two-tuple, two-tuples with the same commands being two-tuples of the same type; deleting two-tuples whose time interval is larger than a first threshold; deleting two-tuple types whose number of samples is less than a second threshold; calculating the standard deviation of all time intervals of the two-tuples of the same type, and deleting the corresponding two-tuple type if the standard deviation is larger than a third threshold; calculating the mean and standard deviation of each remaining two-tuple type, and considering that the user's operation habit is met when the time interval of a two-tuple with the same commands falls within two standard deviations;
step S3, detecting the input of a first user in real time, forming a two-tuple from two successively received input commands, determining a first time interval between the two commands in the two-tuple, obtaining the mean and variance of the corresponding two-tuple type from the operation habit of the corresponding user, considering that the user's operation habit is met when the first time interval falls within two standard deviations of the corresponding two-tuple type, and otherwise considering that the account is abnormal; and if the first user's account is abnormal, prohibiting the first user from accessing the industrial control network.
Further, the history input information records only the command, not the command parameter.
Further, commands are collected over more than a first preset time, or more than a first preset number of commands are collected.
Further, the security server continuously collects input data of the user, repeats the steps S1-S2 every second preset time, and updates the operation habit.
Furthermore, the account is considered abnormal only after the user has been judged not to conform to the operation habit a preset number of times within a preset time.
On the other hand, the invention provides a system for safely accessing a mechatronic industrial control network, characterized in that: the industrial control network consists of at least one operation terminal, at least one security server and at least one industrial controller, wherein the operation terminal is connected with the security server, and the controller is connected with the security server; the system is applied to the security server; the system specifically comprises:
the acquisition module, used for obtaining historical input information entered by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and the time intervals between the input commands;
the generating module, used for generating the operation habit of each user according to the historical input information: combining each command and the command that follows it into a two-tuple according to the input order, and recording the time interval between the two commands of each two-tuple, two-tuples with the same commands being two-tuples of the same type; deleting two-tuples whose time interval is larger than a first threshold; deleting two-tuple types whose number of samples is less than a second threshold; calculating the standard deviation of all time intervals of the two-tuples of the same type, and deleting the corresponding two-tuple type if the standard deviation is larger than a third threshold; calculating the mean and standard deviation of each remaining two-tuple type, and considering that the user's operation habit is met when the time interval of a two-tuple with the same commands falls within two standard deviations;
the judging module, used for detecting the input of a first user in real time, forming a two-tuple from two successively received input commands, determining a first time interval between the two commands in the two-tuple, obtaining the mean and variance of the corresponding two-tuple type from the operation habit of the corresponding user, considering that the user's operation habit is met when the first time interval falls within two standard deviations of the corresponding two-tuple type, and otherwise considering that the account is abnormal; and if the first user's account is abnormal, prohibiting the first user from accessing the industrial control network.
Further, the history input information records only the command, not the command parameter.
Further, commands are collected over more than a first preset time, or more than a first preset number of commands are collected.
Further, the security server continuously collects input data of the user, repeats the operations of the acquisition module and the generation module every second preset time, and updates the operation habit.
Further, the account is considered abnormal only after the user has been judged not to conform to the operation habit a preset number of times within a preset time.
According to this technical scheme, the operation habit of a user is determined by constructing command two-tuples. When a user's account is stolen, familiarity with the commands differs and so do the operation habits: the way an account thief enters commands differs from that of the account owner. The abnormality of the account can therefore be detected simply and efficiently, and the access security of the industrial control network determined.
Drawings
FIG. 1 is a schematic diagram of an industrial control network system according to the present invention;
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments obtained by persons skilled in the art based on the embodiments provided by the invention without any inventive work belong to the protection scope of the invention.
It is obvious that the drawings in the following description are only examples or embodiments of the invention, from which it is possible for a person skilled in the art, without inventive effort, to apply the invention also in other similar contexts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one of ordinary skill in the art that the described embodiments of the present invention can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein shall have the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of describing the invention (including a reference to the context of the specification and claims) are not to be construed as limiting the scope of the invention in any way, and may be construed in any way.
In one aspect, as shown in fig. 2, the invention discloses a method for safely accessing a mechatronic industrial control network.
The industrial control network consists of at least one operation terminal, at least one safety server and at least one industrial controller, wherein the operation terminal is connected with the safety server, and the controller is connected with the safety server; the method is applied to a security server; the method specifically comprises the following steps:
step S1, obtaining historical input information input by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and time intervals among the input commands.
As shown in fig. 1, there may be multiple operation terminals in the industrial control network, and each operation terminal may correspond to one or multiple users. In order to obtain the operation data of each user, a user identifier must be carried when the user connects to the security server through the operation terminal. For example, when a user connects to the security server, a login operation is performed; the user may log in using a username and password or a personal key, and the specific manner of login is not limited in the present invention. After the user logs in successfully, the server assigns an identification ID, and the user must carry this ID with every subsequent command sent to the industrial controller through the security server, so that the commands of different users can be distinguished.
In order to obtain the operation habit of each user, the invention further obtains the historical input information of each user: when any user sends a command to the industrial controller via the security server, the security server records the user ID and the content of the command. Further, to simplify processing, the present invention records only the command, not the command parameters. Illustratively, when the user enters DSP -p 350 -a, only the command DSP is recorded and all subsequent parameters are removed. Further, to make command extraction convenient, all commands in the system are collected into a command list; after the security server receives the user's input, the command list is matched against that input to determine the command entered by the user.
The historical input information is used for generating subsequent user input characteristics, and a certain amount of historical input data is needed for completely expressing the input characteristics of the user. Optionally, collecting commands exceeding a first preset time, such as collecting historical data exceeding 60 working days; further, when there are different types of production tasks, in order to cover the whole, historical data of more than a certain preset time is collected for each type of production task. Optionally, collecting more than a first preset number of commands, such as collecting more than ten thousand commands; further, when different types of production tasks are involved, more than a predetermined number of commands are collected for each type of production task.
For different users, because the configuration proficiency degree of different production tasks is different, the speed of inputting the commands by different people can be different, and the speed of inputting the commands by the same person is generally the same, so in order to express the input characteristics of different users, the time interval of inputting the commands by the users is recorded. To record the time interval between input commands, the specific time of each command may be recorded by the secure user device and subtracted to obtain the time interval between commands.
Step S2, generating an operation habit of each user according to the historical input information;
combining each command and the command that follows it into a two-tuple according to the input order, and recording the time interval between the two commands of each two-tuple; two-tuples with the same commands are two-tuples of the same type. Illustratively, the user inputs LST DEV, SET DEV PATH, SET DEV AGL, LST TEM, STOPTEM in sequence, and the intervals between the commands are 1, 0.5, 10, 1, respectively; the two-tuples are then (LST DEV, SET DEV PATH), (SET DEV PATH, SET DEV AGL), (SET DEV AGL, LST TEM), (LST TEM, STOPTEM), and the two-tuples and their intervals can be represented as shown in Table 1. There may be many two-tuples, and the same two-tuple may occur repeatedly, such as multiple (SET DEV PATH, SET DEV AGL); for convenience of description, the invention refers to two-tuples with the same commands as two-tuples of the same type.
TABLE 1
Two-tuple | Interval (s)
(LST DEV, SET DEV PATH) | 1
(SET DEV PATH, SET DEV AGL) | 0.5
(SET DEV AGL, LST TEM) | 10
(LST TEM, STOPTEM) | 1
Since two-tuples are formed from all the input commands, the two commands of many two-tuples may be unrelated; the time interval of such two-tuples is usually random and large, so two-tuples whose time interval is larger than the first threshold are deleted. Illustratively, (SET DEV AGL, LST TEM) arises from checking another type of device after operating one device; there is no necessary connection between the two operations, the interval between them is 10 seconds, and such two-tuples are removed.
The two-tuples are used for statistical analysis; too few samples are too random to reflect a statistical pattern, so two-tuple types with fewer samples than the second threshold are deleted. Illustratively, if the (LST TEM, STOPTEM) two-tuple appears only twice in the sample, fewer than the predetermined number of times, then all (LST TEM, STOPTEM) two-tuples are deleted.
The interval between the two commands of a two-tuple reflects how proficient a given user is at operating those two commands. If the time interval of the same two-tuple fluctuates too much, the user may have been waiting for the server to return, and the server's return time fluctuates too much to reflect the user's own operation, so such data is not suitable as a sample. The standard deviation is therefore calculated over all time intervals of two-tuples of the same type, and the corresponding two-tuple type is deleted if the standard deviation is greater than a third threshold. Illustratively, the intervals of all (SET DEV PATH, SET DEV AGL) two-tuples are 0.5, 0.6, 0.9, 0.1, 1.5, …; the standard deviation is calculated, and if the result is greater than a set value, all (SET DEV PATH, SET DEV AGL) two-tuples are deleted. For instance, if the standard deviation of 0.5, 0.6, 0.9, 0.1, 1.5, … is 1.1, which is greater than the third threshold of 1, then all (SET DEV PATH, SET DEV AGL) two-tuples are deleted.
Different people have different input command speeds and the like due to different production flows, service levels and command proficiency, command operation habits of each user can be reflected through the remaining binary groups after the operation, and the operation habits of each user are different.
The mean and standard deviation are calculated for each remaining two-tuple type, and the user's operation habit is considered met when the time interval of a two-tuple with the same commands falls within two standard deviations. For example, if the mean of the command intervals of all (LST DEV, SET DEV PATH) two-tuples of a certain user is μ and the standard deviation is δ, then when the server receives LST DEV and SET DEV PATH entered consecutively by the user and the interval between them is between -2δ + μ and 2δ + μ, the user's input habit is considered met; otherwise, the user's input is considered possibly abnormal. Specifically, for example, the mean of the command intervals of all (LST DEV, SET DEV PATH) two-tuples of a certain user is 1.2 and the standard deviation is 0.2; when the interval between the LST DEV and the SET DEV PATH received by the security server is 2.2, 2.2 is not between -2 × 0.2 + 1.2 and 2 × 0.2 + 1.2, so the user is considered to have an abnormality.
Further, since the user may switch between different product lines and different mission use frequencies may change during the operation, the security server may continuously collect the input data of the user and repeat the above steps S1 to S2 every second preset time to update the operation habits of the user. Illustratively, the above steps S1-S2 are repeated every 10 days.
Step S3, detecting the input of a first user in real time, forming a two-tuple from two successively received input commands, determining a first time interval between the two commands in the two-tuple, obtaining the mean and variance of the corresponding two-tuple type from the operation habit of the corresponding user, considering that the user's operation habit is met when the first time interval falls within two standard deviations of the corresponding two-tuple type, and otherwise considering that the account is abnormal; and if the first user's account is abnormal, prohibiting the first user from accessing the industrial control network.
The security server has obtained the user's operation habit through the above steps, and during routine detection it continues to receive the user's input commands in real time. Specifically, the user's input is detected in real time, two successively received input commands form a two-tuple, the time interval between the two commands is determined, and the mean and variance of the corresponding two-tuple type are obtained from the operation habit of the corresponding user. The operation habit is considered met when the time interval falls within two standard deviations; when it is not met, the user's account is considered abnormal and the user is prohibited from accessing the industrial control network.
Further, in order to reduce errors, the user is considered abnormal only after being judged not to conform to the operation habit a preset number of times within a preset time; at that point, the user is prohibited from accessing the industrial control network.
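The profiling of step S2 and the real-time check of step S3, written out in Python as an added example; it is not code from the patent. The population standard deviation, the skipping of two-tuple types absent from the profile, the sliding-window violation counter, and all threshold values and sample timings are assumptions constructed for illustration.

```python
"""Added illustration of the two-tuple timing check (steps S1-S3); not the patent's code."""
from collections import defaultdict, deque
from statistics import mean, pstdev

# Command list used to strip parameters (names taken from the description's examples).
COMMANDS = ("LST DEV", "SET DEV PATH", "SET DEV AGL", "LST TEM", "STOPTEM", "DSP")


def normalize(raw, commands=COMMANDS):
    """Return the longest listed command that prefixes the input, or None."""
    text = " ".join(raw.split())
    hits = [c for c in commands if text == c or text.startswith(c + " ")]
    return max(hits, key=len) if hits else None


def build_profile(events, max_gap, min_samples, max_std):
    """Step S2. events: time-ordered (timestamp_s, raw_input) pairs for one user."""
    cmds = [(ts, normalize(raw)) for ts, raw in events]
    cmds = [(ts, c) for ts, c in cmds if c is not None]
    gaps = defaultdict(list)
    for (t0, c0), (t1, c1) in zip(cmds, cmds[1:]):
        if t1 - t0 <= max_gap:              # first threshold: drop unrelated pairs
            gaps[(c0, c1)].append(t1 - t0)
    profile = {}
    for pair, values in gaps.items():
        if len(values) < min_samples:       # second threshold: too few samples
            continue
        sd = pstdev(values)                 # assumption: population standard deviation
        if sd > max_std:                    # third threshold: interval too unstable
            continue
        profile[pair] = (mean(values), sd)
    return profile


class HabitMonitor:
    """Step S3 for one logged-in user, with the 'preset times within preset time' rule."""

    def __init__(self, profile, window_s, max_violations):
        self.profile = profile
        self.window_s = window_s
        self.max_violations = max_violations
        self.last = None                    # (timestamp, command) of the previous input
        self.violations = deque()           # timestamps of recent deviations
        self.blocked = False

    def observe(self, ts, raw):
        """Return 'ok', 'unprofiled', 'deviation' or 'blocked' for one input."""
        if self.blocked:
            return "blocked"
        cmd = normalize(raw)
        if cmd is None:
            return "unprofiled"
        prev, self.last = self.last, (ts, cmd)
        stats = self.profile.get((prev[1], cmd)) if prev else None
        if stats is None:                   # assumption: unknown pair types are not judged
            return "unprofiled"
        mu, sd = stats
        if abs((ts - prev[0]) - mu) <= 2 * sd:
            return "ok"
        self.violations.append(ts)
        while ts - self.violations[0] > self.window_s:
            self.violations.popleft()
        if len(self.violations) >= self.max_violations:
            self.blocked = True
            return "blocked"
        return "deviation"


def constructed_history():
    """Constructed sample log: four work sessions plus two rare LST TEM/STOPTEM pairs."""
    events, t = [], 0.0
    for g1, g2 in [(1.0, 0.1), (1.4, 3.0), (1.0, 0.2), (1.4, 2.9)]:
        events += [(t, "LST DEV"), (t + g1, "SET DEV PATH -f /a"),
                   (t + g1 + g2, "SET DEV AGL 30")]
        t += 100.0
    for g in (1.0, 1.1):
        events += [(t, "LST TEM"), (t + g, "STOPTEM")]
        t += 100.0
    return events


if __name__ == "__main__":
    prof = build_profile(constructed_history(), max_gap=5.0, min_samples=3, max_std=1.0)
    mon = HabitMonitor(prof, window_s=600.0, max_violations=2)
    for ts, raw in [(0.0, "LST DEV"), (1.3, "SET DEV PATH -f /x"), (50.0, "LST DEV"),
                    (52.2, "SET DEV PATH"), (100.0, "LST DEV"), (100.1, "SET DEV PATH")]:
        print(ts, raw, "->", mon.observe(ts, raw))
```

With the constructed history, only (LST DEV, SET DEV PATH) survives the three filters, with mean 1.2 and standard deviation 0.2, so the 2.2-second interval from the description's own example is flagged.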
In another embodiment, the invention also discloses a system for safely accessing the mechatronic industrial control network, wherein the industrial control network consists of at least one operation terminal, at least one safety server and at least one industrial controller, the operation terminal is connected with the safety server, and the controller is connected with the safety server; the system is applied to a security server; the system specifically comprises:
the acquisition module is used for acquiring historical input information input by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and time intervals among the input commands;
the generating module is used for generating the operation habit of each user according to the historical input information;
combining each command and the subsequent command into a binary group according to the input order, and recording the time interval of the command of each binary group; the two-tuple with the same command is the two-tuple with the same type;
deleting tuples with time intervals larger than a first threshold;
deleting the binary group type with the number of samples less than a second threshold;
calculating standard deviations of all time intervals of the two-tuple with the same type, and deleting the corresponding two-tuple type if the standard deviations are larger than a third threshold value;
calculating the mean and standard deviation of each remaining two-tuple type, and considering that the user's operation habit is met when the time interval of a two-tuple with the same commands falls within two standard deviations;
the judging module is used for detecting the input of a first user in real time, forming a two-tuple from two successively received input commands, determining a first time interval between the two commands in the two-tuple, obtaining the mean and variance of the corresponding two-tuple type from the operation habit of the corresponding user, considering that the user's operation habit is met when the first time interval falls within two standard deviations of the corresponding two-tuple type, and otherwise considering that the account is abnormal; and if the first user's account is abnormal, prohibiting the first user from accessing the industrial control network.
While the system includes modules in the prior art capable of performing or assisting in performing all of the methods in the foregoing embodiments, those skilled in the art can implement the system by any means in the prior art as long as the methods in the foregoing embodiments can be performed.
In the description herein, the description of the terms "one embodiment," "some embodiments," "specific embodiments," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The present invention has been described in terms of the preferred embodiment, and it is not intended to be limited to the embodiment. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for safely accessing a mechatronic industrial control network, characterized in that: the industrial control network consists of at least one operation terminal, at least one security server and at least one industrial controller, wherein the operation terminal is connected with the security server, and the controller is connected with the security server; the method is applied to the security server; the method specifically comprises the following steps:
step S1, obtaining historical input information input by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and the time intervals between the input commands;
step S2, generating an operation habit of each user according to the historical input information:
combining each command and the command that follows it into a binary group according to the input order, and recording the time interval between the two commands of each binary group; binary groups consisting of the same commands are binary groups of the same type;
deleting binary groups whose time interval is larger than a first threshold;
deleting each binary group type whose number of samples is less than a second threshold;
calculating the standard deviation of all time intervals of the binary groups of the same type, and deleting the corresponding binary group type if the standard deviation is larger than a third threshold;
calculating the average value and standard deviation for each remaining binary group type, the operation habit of the user being considered met when the time interval of a binary group of the same commands falls within twice the standard deviation;
step S3, detecting input information of a first user in real time, forming a binary group from successively received input commands, determining a first time interval between the two commands in the binary group, acquiring the average value and variance of the corresponding binary group type from the operation habit of the corresponding user, considering that the operation habit of the user is met when the first time interval falls within twice the standard deviation of the corresponding binary group type, and otherwise considering that the account is abnormal; and if the first user account is abnormal, forbidding the first user to access the industrial control network.
2. The method for safely accessing the mechatronic industrial control network according to claim 1, characterized in that: the historical input information only records commands and does not record command parameters.
3. The method for safely accessing the mechatronic industrial control network according to claim 1, characterized in that: collecting commands exceeding a first preset time or collecting commands exceeding a first preset number.
4. The method for safely accessing the mechatronic industrial control network according to claim 1, characterized in that: the security server continuously collects the input data of the user, repeats steps S1-S2 every second preset time, and updates the operation habit.
5. The method for safely accessing the mechatronic industrial control network according to claim 1, characterized in that: the account is considered abnormal after the user has been judged not to conform to the operation habit a preset number of times within a preset time.
6. A system for safely accessing a mechatronic industrial control network, characterized in that: the industrial control network consists of at least one operation terminal, at least one security server and at least one industrial controller, wherein the operation terminal is connected with the security server, and the controller is connected with the security server; the system is applied to the security server; the system specifically comprises:
an acquisition module, used for acquiring historical input information input by each user through the operation terminal in the industrial control network, wherein the historical input information comprises input commands and the time intervals between the input commands;
a generating module, used for generating the operation habit of each user according to the historical input information:
combining each command and the command that follows it into a binary group according to the input order, and recording the time interval between the two commands of each binary group; binary groups consisting of the same commands are binary groups of the same type;
deleting binary groups whose time interval is larger than a first threshold;
deleting each binary group type whose number of samples is less than a second threshold;
calculating the standard deviation of all time intervals of the binary groups of the same type, and deleting the corresponding binary group type if the standard deviation is larger than a third threshold;
calculating the average value and standard deviation for each remaining binary group type, the operation habit of the user being considered met when the time interval of a binary group of the same commands falls within twice the standard deviation;
a judging module, used for detecting input information of a first user in real time, forming a binary group from successively received input commands, determining a first time interval between the two commands in the binary group, acquiring the average value and variance of the corresponding binary group type from the operation habit of the corresponding user, considering that the operation habit of the user is met when the first time interval falls within twice the standard deviation of the corresponding binary group type, and otherwise considering that the account is abnormal; and if the first user account is abnormal, forbidding the first user to access the industrial control network.
7. The system for safely accessing the mechatronic industrial control network according to claim 6, wherein: the historical input information only records commands and does not record command parameters.
8. The system for safely accessing the mechatronic industrial control network according to claim 6, wherein: collecting commands exceeding a first preset time or collecting commands exceeding a first preset number.
9. The system for safely accessing the mechatronic industrial control network according to claim 6, wherein: the security server continuously collects the input data of the user, repeats the operation of the acquisition module and the generating module every second preset time, and updates the operation habit.
10. The system for safely accessing the mechatronic industrial control network according to claim 6, wherein: the account is considered abnormal after the user has been judged not to conform to the operation habit a preset number of times within a preset time.
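
The profiling and detection steps of claims 1 and 5 (mirrored in claims 6 and 10), as an added Python example that is not part of the patent. The command names, timestamps and threshold values are constructed; reading "within twice the standard deviation" as mean ± 2·std, using the population standard deviation, and skipping binary group types that have no profile are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def sample_history():
    """Constructed sample (not from the patent): five sessions, commands only (claim 2)."""
    events, t = [], 0.0
    for g1, g2 in [(2.0, 1.0), (2.2, 1.1), (1.8, 0.9), (2.1, 1.0), (1.9, 1.0)]:
        events += [(t, "READ_STATUS"), (t + g1, "SET_SPEED"), (t + g1 + g2, "START")]
        t += 600.0  # long pause between sessions
    return events

def build_profile(events, max_gap, min_samples, max_std):
    """Step S2: {(cmd, next_cmd): (mean, std)} from (timestamp, command) events."""
    gaps = defaultdict(list)
    for (t0, c0), (t1, c1) in zip(events, events[1:]):
        if t1 - t0 <= max_gap:              # first threshold: drop long pauses
            gaps[(c0, c1)].append(t1 - t0)
    profile = {}
    for pair, dts in gaps.items():
        if len(dts) < min_samples:          # second threshold: too few samples
            continue
        sd = pstdev(dts)                    # assumption: population std deviation
        if sd <= max_std:                   # third threshold: drop erratic pair types
            profile[pair] = (mean(dts), sd)
    return profile

def conforms(profile, pair, dt):
    """True/False against mean +/- 2*std; None when the pair type has no profile
    (assumption: an unprofiled pair is not counted as evidence either way)."""
    if pair not in profile:
        return None
    mu, sd = profile[pair]
    return abs(dt - mu) <= 2 * sd

class SessionMonitor:
    """Step S3 with the claim 5 rule: block after max_misses misses within window seconds."""
    def __init__(self, profile, max_misses, window):
        self.profile, self.max_misses, self.window = profile, max_misses, window
        self.prev, self.misses, self.blocked = None, [], False

    def observe(self, t, cmd):
        """Feed one command; returns True once access should be denied."""
        if self.prev is not None:
            t0, c0 = self.prev
            if conforms(self.profile, (c0, cmd), t - t0) is False:
                self.misses.append(t)
            self.misses = [m for m in self.misses if t - m <= self.window]
            self.blocked = self.blocked or len(self.misses) >= self.max_misses
        self.prev = (t, cmd)
        return self.blocked
```

A binary group type whose training intervals are all identical yields a zero-width band, a case the claims do not address.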
CN202211353490.4A 2022-11-01 2022-11-01 Method and system for safely accessing mechanical-electrical integrated industrial control network Active CN115412373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211353490.4A CN115412373B (en) 2022-11-01 2022-11-01 Method and system for safely accessing mechanical-electrical integrated industrial control network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211353490.4A CN115412373B (en) 2022-11-01 2022-11-01 Method and system for safely accessing mechanical-electrical integrated industrial control network

Publications (2)

Publication Number Publication Date
CN115412373A true CN115412373A (en) 2022-11-29
CN115412373B CN115412373B (en) 2023-03-21

Family

ID=84167934

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211353490.4A Active CN115412373B (en) 2022-11-01 2022-11-01 Method and system for safely accessing mechanical-electrical integrated industrial control network

Country Status (1)

Country Link
CN (1) CN115412373B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965291A (en) * 2018-07-11 2018-12-07 平安科技(深圳)有限公司 Registration login method, system and the computer equipment of mixed application
CN109784015A (en) * 2018-12-27 2019-05-21 腾讯科技(深圳)有限公司 A kind of authentication identifying method and device
CN110244587A (en) * 2018-03-08 2019-09-17 佛山市顺德区美的电热电器制造有限公司 A kind of control method, device, household appliance and computer storage medium
CN110995729A (en) * 2019-12-12 2020-04-10 广东电网有限责任公司电力调度控制中心 Control system communication method and device based on asymmetric encryption and computer equipment
US20200217896A1 (en) * 2019-01-04 2020-07-09 Kabushiki Kaisha Toshiba Device and method for evaluating energy storage device and evaluation system
CN112929751A (en) * 2019-12-06 2021-06-08 北京达佳互联信息技术有限公司 System, method and terminal for determining action execution
WO2021204086A1 (en) * 2020-04-06 2021-10-14 华为技术有限公司 Identity authentication method, and method and device for training identity authentication model
CN114253866A (en) * 2022-03-01 2022-03-29 紫光恒越技术有限公司 Malicious code detection method and device, computer equipment and readable storage medium
CN114785593A (en) * 2022-04-21 2022-07-22 中网信安科技有限公司 Controlled network space construction method

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
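SERGIO SANCHEZ-MARTINEZ: "Characterization of myocardial motion patterns by unsupervised multiple kernel learning", 《PRIMO》 *
彭豪辉: "Research on insider threat detection methods based on user behavior", 《CNKI》 *
李楠: "Research on smart terminal security authentication based on user behavior characteristics", 《CNKI》 *
郭志民: "Host anomaly detection method based on user and network behavior analysis", 《CNKI》 *
闫城: "A method and related device for collecting statistics on a user's operation habits on a terminal", 《Baidu Scholar》 *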

Also Published As

Publication number Publication date
CN115412373B (en) 2023-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant