CN115428397A - Industrial control system security analysis method, apparatus and computer-readable medium - Google Patents
- Publication number
- CN115428397A
- Authority
- CN
- China
- Prior art keywords
- control system
- industrial control
- data packet
- communication data
- identifiable information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides an industrial control system security analysis method, apparatus and computer-readable medium. The method comprises: collecting a communication data packet from a first industrial control system, where an operational technology (OT) network comprises the first industrial control system and at least one second industrial control system connected to it, and the communication data packet is interaction data transmitted between control devices within the first industrial control system; extracting network-identifiable information from the communication data packet; determining whether the network-identifiable information is present in a pre-created event database; and, if it is, determining that the communication data packet is a malicious data packet, obtaining the security policy of the first industrial control system and of each second industrial control system, and determining from the network-identifiable information and the respective security policies a threat coefficient of the communication data packet for each second industrial control system. This scheme analyses the security of industrial control systems more accurately.
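As an added illustration, not code from the patent, the pipeline described in the abstract in Python: the packets, the event database and the per-ICS security policies are constructed here, and the threat-coefficient scoring rule is an assumption, since the abstract defines no formula.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One communication data packet captured inside the first ICS."""
    src_ip: str
    dst_ip: str
    protocol: str
    dst_port: int

def extract_identifiable_info(pkt):
    """Network-identifiable information: assumed here to be the
    (source IP, protocol, destination port) triple."""
    return (pkt.src_ip, pkt.protocol, pkt.dst_port)

def threat_coefficient(info, policy):
    """Assumed scoring (the patent gives no formula): 1.0 if the target ICS's
    policy allows the packet's service and does not block its source network,
    0.5 if the service is allowed but the source is blocked at the boundary,
    0.0 if the service is not allowed at all."""
    src_ip, proto, port = info
    if (proto, port) not in policy["allowed_services"]:
        return 0.0
    blocked = any(src_ip.startswith(p) for p in policy["blocked_prefixes"])
    return 0.5 if blocked else 1.0

def analyse(packets, event_db, policies):
    """Map each packet found in the event database to its per-ICS threat coefficients."""
    results = {}
    for pkt in packets:
        info = extract_identifiable_info(pkt)
        if info in event_db:                  # known-bad: treat as malicious
            results[info] = {name: threat_coefficient(info, pol)
                             for name, pol in policies.items()}
    return results

# Constructed sample data (not from the patent).
EVENT_DB = {("192.0.2.10", "modbus", 502)}
POLICIES = {
    "ics-2": {"allowed_services": {("modbus", 502)}, "blocked_prefixes": []},
    "ics-3": {"allowed_services": {("s7comm", 102)}, "blocked_prefixes": []},
    "ics-4": {"allowed_services": {("modbus", 502)}, "blocked_prefixes": ["192.0.2."]},
}
PACKETS = [
    Packet("192.0.2.10", "10.0.0.5", "modbus", 502),   # matches the event DB
    Packet("10.0.0.7", "10.0.0.5", "s7comm", 102),     # benign, no match
]

if __name__ == "__main__":
    print(analyse(PACKETS, EVENT_DB, POLICIES))
```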
Description
PCT national-phase application; the description has been published.
Claims (12)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/093522 WO2021237739A1 (zh) | 2020-05-29 | 2020-05-29 | Industrial control system security analysis method, apparatus and computer-readable medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115428397A true CN115428397A (zh) | 2022-12-02 |
Family
ID=78745410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202080099457.6A Pending CN115428397A (zh) | 2020-05-29 | 2020-05-29 | Industrial control system security analysis method, apparatus and computer-readable medium |
Country Status (4)
Country | Link |
---|---|
US (1) | US11843639B2 (zh) |
EP (1) | EP4135281A4 (zh) |
CN (1) | CN115428397A (zh) |
WO (1) | WO2021237739A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116611077A (zh) * | 2023-07-20 | 2023-08-18 | Beijing Shengxin Network Technology Co., Ltd. | Virtual patch protection method and system based on host network packet capture and analysis |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006119508A2 (en) * | 2005-05-05 | 2006-11-09 | Ironport Systems, Inc. | Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources |
US8769674B2 (en) * | 2006-09-07 | 2014-07-01 | Symantec Corporation | Instant message scanning |
US20120198553A1 (en) * | 2009-09-14 | 2012-08-02 | Junko Suginaka | Secure auditing system and secure auditing method |
US8856936B2 (en) * | 2011-10-14 | 2014-10-07 | Albeado Inc. | Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security |
US10148686B2 (en) * | 2016-02-10 | 2018-12-04 | Accenture Global Solutions Limited | Telemetry analysis system for physical process anomaly detection |
WO2019003041A1 (en) * | 2017-06-28 | 2019-01-03 | Si-Ga Data Security (2014) Ltd. | THREAT DETECTION SYSTEM FOR INDUSTRIAL CONTROL DEVICES |
CN107705470A (zh) | 2017-08-17 | 2018-02-16 | Alibaba Group Holding Ltd. | Shopping settlement method, smart shopping device and smart supermarket system |
CN110661761B (zh) * | 2018-06-29 | 2021-12-14 | Siemens AG | Access control device, method, computer program product and computer-readable medium |
CN110896386B (zh) | 2018-09-12 | 2022-05-10 | Siemens Ltd. China | Method, apparatus, storage medium, processor and terminal for identifying security threats |
2020
- 2020-05-29 EP EP20937269.7A patent/EP4135281A4/en active Pending
- 2020-05-29 CN CN202080099457.6A patent/CN115428397A/zh active Pending
- 2020-05-29 WO PCT/CN2020/093522 patent/WO2021237739A1/zh unknown
- 2020-05-29 US US17/927,930 patent/US11843639B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US11843639B2 (en) | 2023-12-12 |
EP4135281A4 (en) | 2024-01-31 |
US20230199029A1 (en) | 2023-06-22 |
EP4135281A1 (en) | 2023-02-15 |
WO2021237739A1 (zh) | 2021-12-02 |
Similar Documents
Publication | Title |
---|---|
CN108289088B (zh) | Service-model-based abnormal traffic detection system and method |
CN110495138B (zh) | Industrial control system and method for monitoring its network security |
EP2953298B1 (en) | Log analysis device, information processing method and program |
CN109962891B (zh) | Method, apparatus, device and computer storage medium for monitoring cloud security |
US10616258B2 (en) | Security information and event management |
US11563755B2 (en) | Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform |
US10104124B2 (en) | Analysis rule adjustment device, analysis rule adjustment system, analysis rule adjustment method, and analysis rule adjustment program |
JP5264470B2 (ja) | Attack determination device and program |
US20150341380A1 (en) | System and method for detecting abnormal behavior of control system |
KR102137089B1 (ko) | Command and control channel detection apparatus and method |
KR101880162B1 (ko) | Control signal integrity verification method using control signal analysis within an automatic control system |
JP2015076863A (ja) | Log analysis device, method and program |
CN109167794B (zh) | Attack detection method oriented to network system security measurement |
CN107209834B (zh) | Malicious communication pattern extraction device, system and method thereof, and recording medium |
CN112822151A (zh) | Multi-layer precise active network attack detection method and system for industrial computers in control networks |
US11343267B2 (en) | Threat monitor, threat monitoring method, and recording medium therefor |
CN113079185B (zh) | Industrial firewall control method and device implementing deep packet inspection control |
CN109144023A (zh) | Security detection method and device for an industrial control system |
CN115428397A (zh) | Industrial control system security analysis method, apparatus and computer-readable medium |
CN112291213A (zh) | Abnormal traffic analysis method and apparatus based on an intelligent terminal |
KR20190027122A (ko) | Network attack pattern analysis and method |
CN116866078A (zh) | A network security evaluation method |
CN115913634A (zh) | Deep-learning-based network security anomaly detection method and system |
Pramudya et al. | Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers |
WO2023000819A1 (zh) | Device search method, apparatus, system and computer-readable medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |