CN115428397A - Industrial control system security analysis method, apparatus and computer-readable medium - Google Patents

Industrial control system security analysis method, apparatus and computer-readable medium

Info

Publication number
CN115428397A
Authority
CN
China
Prior art keywords
control system
industrial control
data packet
communication data
identifiable information
Prior art date
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN202080099457.6A
Other languages
English (en)
Inventor
郭代飞
Current Assignee (as listed by Google Patents; may be inaccurate)
Siemens Ltd China
Original Assignee
Siemens Ltd China
Priority date (as listed by Google Patents; not a legal conclusion)
2020-05-29
Filing date
2020-05-29
Publication date
2022-12-02
Application filed by Siemens Ltd China
Publication of CN115428397A

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
              • H04L63/0227 Filtering policies
                • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
                • H04L63/0263 Rule management
            • H04L63/14 ... for detecting or protecting against malicious traffic
              • H04L63/1408 ... by monitoring network traffic
                • H04L63/1416 Event detection, e.g. attack signature detection
              • H04L63/1433 Vulnerability analysis
            • H04L63/20 ... for managing network security; network security policies in general
    • G PHYSICS
      • G05 CONTROLLING; REGULATING
        • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
          • G05B19/00 Programme-control systems
            • G05B19/02 Programme-control systems electric
              • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
                • G05B19/042 ... using digital processors

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides an industrial control system security analysis method, apparatus and computer-readable medium. The method comprises: collecting communication data packets from a first industrial control system, where an operational technology (OT) network comprises the first industrial control system and at least one second industrial control system connected to it, and a communication data packet is interaction data transmitted between control devices within the first industrial control system; extracting network-identifiable information from the communication data packet; determining whether the network-identifiable information is present in a pre-created event database; and, if the network-identifiable information is present in the event database, determining that the communication data packet is a malicious data packet, obtaining the security policy of the first industrial control system and of each second industrial control system, and determining, from the network-identifiable information and each security policy, the threat coefficient of the communication data packet for each second industrial control system. This scheme analyzes the security of industrial control systems more accurately.
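The abstract describes a pipeline (capture in the first ICS, extract network-identifiable fields, look them up in an event database, then score each connected ICS against its own security policy) but gives neither the database format nor the formula for the threat coefficient. The following is an added example written for this page, not code from Siemens or from the patent. It models the flow in Python under stated assumptions: the event database is a map from (field, value) indicators to a severity in (0, 1]; a security policy is a list of allow rules over source CIDR, protocol and destination port plus explicit source denies; the threat coefficient for a second ICS is the highest matched severity if that ICS's policy would admit an equivalent packet and 0.0 if the policy already drops it. The first ICS's own policy is not modelled beyond the fact that the packet was observed there. All packets, policies and indicators are constructed for the example.

```python
"""Added example (not Siemens' or the patent's code): a runnable model of the
analysis flow in the abstract. The event database contents, the policy format
and the threat-coefficient formula are assumptions made for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

IndicatorKey = Tuple[str, object]


@dataclass(frozen=True)
class NetInfo:
    """Network-identifiable information extracted from one captured packet."""
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str  # transport protocol name, lower-case, e.g. "tcp"


@dataclass
class SecurityPolicy:
    """Hypothetical ingress policy of one ICS: allow rules plus explicit source denies."""
    name: str
    allow: List[Tuple[str, str, int]]  # (source CIDR, protocol, destination port)
    deny_sources: List[str]            # source CIDRs that are always dropped


# Constructed "pre-created event database": indicator -> severity in (0, 1].
EVENT_DB: Dict[IndicatorKey, float] = {
    ("src_ip", "192.0.2.77"): 0.9,  # host previously seen in an incident
    ("dst_port", 102): 0.6,         # S7comm port probed during that incident
}

# Constructed packets, in the shape a capture decoder might emit.
SUSPECT_PACKET = {"src": "192.0.2.77", "dst": "10.1.0.5", "dport": 102, "proto": "TCP"}
BENIGN_PACKET = {"src": "10.1.0.9", "dst": "10.1.0.5", "dport": 502, "proto": "TCP"}

# Constructed policies for three "second" ICSs connected to the monitored one.
POLICIES = [
    SecurityPolicy("ICS-2", allow=[("192.0.2.0/24", "tcp", 102)], deny_sources=[]),
    SecurityPolicy("ICS-3", allow=[("10.1.0.0/16", "tcp", 102)], deny_sources=["192.0.2.0/24"]),
    SecurityPolicy("ICS-4", allow=[("0.0.0.0/0", "tcp", 502)], deny_sources=[]),
]


def extract_net_info(packet: dict) -> NetInfo:
    """Pull the identifiable fields out of a decoded packet record."""
    return NetInfo(packet["src"], packet["dst"], int(packet["dport"]), packet["proto"].lower())


def match_events(info: NetInfo) -> Dict[IndicatorKey, float]:
    """Look each extracted field up in the event database; return the hits."""
    hits: Dict[IndicatorKey, float] = {}
    for name in ("src_ip", "dst_ip", "dst_port", "protocol"):
        key = (name, getattr(info, name))
        if key in EVENT_DB:
            hits[key] = EVENT_DB[key]
    return hits


def is_malicious(info: NetInfo) -> bool:
    """The packet is classed malicious if any field is in the event database."""
    return bool(match_events(info))


def policy_admits(policy: SecurityPolicy, info: NetInfo) -> bool:
    """Would this ICS's policy let an equivalent packet in? Denies win over allows."""
    src = ip_address(info.src_ip)
    if any(src in ip_network(cidr) for cidr in policy.deny_sources):
        return False
    return any(src in ip_network(cidr) and proto == info.protocol and port == info.dst_port
               for cidr, proto, port in policy.allow)


def threat_coefficient(info: NetInfo, policy: SecurityPolicy) -> float:
    """Assumed formula: highest matched severity if the policy admits the
    packet, otherwise 0.0 because the policy already stops it."""
    hits = match_events(info)
    if not hits or not policy_admits(policy, info):
        return 0.0
    return max(hits.values())


def analyze(packet: dict, policies: List[SecurityPolicy]) -> Dict[str, float]:
    """Whole flow: {second ICS name: threat coefficient}, or {} if the packet is benign."""
    info = extract_net_info(packet)
    if not is_malicious(info):
        return {}
    return {p.name: threat_coefficient(info, p) for p in policies}


if __name__ == "__main__":
    for pkt in (SUSPECT_PACKET, BENIGN_PACKET):
        print(pkt["src"], "->", pkt["dst"], analyze(pkt, POLICIES))
```

Two points the toy brings out that the abstract leaves implicit. First, the lookup is per field, so a packet can be flagged on its source alone even when the destination port is ordinary; whether that is desirable depends on how the event database is curated, and a real deployment would extract OT-layer fields (function codes, unit identifiers) in addition to the IP 5-tuple. Second, a coefficient of 0.0 for ICS-3 means "the policy as written would drop it", not "the system is safe": the packet was observed inside the first ICS, so the analysis is only as good as the assumption that each second ICS actually enforces the policy it reports.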

Description

PCT national-phase application; the description has been published.

Claims (12)

  1. PCT national-phase application; the claims have been published.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/093522 WO2021237739A1 (zh) 2020-05-29 2020-05-29 Industrial control system security analysis method, apparatus and computer-readable medium

Publications (1)

Publication Number Publication Date
CN115428397A true CN115428397A (zh) 2022-12-02

Family

ID=78745410

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080099457.6A Pending CN115428397A (zh) 2020-05-29 2020-05-29 Industrial control system security analysis method, apparatus and computer-readable medium

Country Status (4)

Country Link
US (1) US11843639B2 (zh)
EP (1) EP4135281A4 (zh)
CN (1) CN115428397A (zh)
WO (1) WO2021237739A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116611077A (zh) * 2023-07-20 2023-08-18 北京升鑫网络科技有限公司 Virtual patch protection method and system based on host network packet capture and analysis

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006119508A2 (en) * 2005-05-05 2006-11-09 Ironport Systems, Inc. Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources
US8769674B2 (en) * 2006-09-07 2014-07-01 Symantec Corporation Instant message scanning
US20120198553A1 (en) * 2009-09-14 2012-08-02 Junko Suginaka Secure auditing system and secure auditing method
US8856936B2 (en) * 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US10148686B2 (en) * 2016-02-10 2018-12-04 Accenture Global Solutions Limited Telemetry analysis system for physical process anomaly detection
WO2019003041A1 (en) * 2017-06-28 2019-01-03 Si-Ga Data Security (2014) Ltd. THREAT DETECTION SYSTEM FOR INDUSTRIAL CONTROL DEVICES
CN107705470A (zh) 2017-08-17 2018-02-16 Alibaba Group Holding Ltd. Shopping checkout method, smart shopping device and smart supermarket system
CN110661761B (zh) * 2018-06-29 2021-12-14 Siemens AG Access control device, method, computer program product and computer-readable medium
CN110896386B (zh) 2018-09-12 2022-05-10 Siemens Ltd China Method, apparatus, storage medium, processor and terminal for identifying security threats

Also Published As

Publication number Publication date
US11843639B2 (en) 2023-12-12
EP4135281A4 (en) 2024-01-31
US20230199029A1 (en) 2023-06-22
EP4135281A1 (en) 2023-02-15
WO2021237739A1 (zh) 2021-12-02

Similar Documents

Publication Publication Date Title
CN108289088B (zh) Abnormal traffic detection system and method based on a business model
CN110495138B (zh) Industrial control system and method for monitoring its network security
EP2953298B1 (en) Log analysis device, information processing method and program
CN109962891B (zh) Method, apparatus, device and computer storage medium for monitoring cloud security
US10616258B2 (en) Security information and event management
US11563755B2 (en) Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform
US10104124B2 (en) Analysis rule adjustment device, analysis rule adjustment system, analysis rule adjustment method, and analysis rule adjustment program
JP5264470B2 (ja) Attack determination device and program
US20150341380A1 (en) System and method for detecting abnormal behavior of control system
KR102137089B1 (ko) Command and control channel detection device and method
KR101880162B1 (ko) Control signal integrity verification method using control signal analysis within an automatic control system
JP2015076863A (ja) Log analysis device, method and program
CN109167794B (zh) Attack detection method oriented to network system security measurement
CN107209834B (zh) Malicious communication pattern extraction device, system and method, and recording medium
CN112822151A (zh) Multi-layer precise active network attack detection method and system for industrial computers on control networks
US11343267B2 (en) Threat monitor, threat monitoring method, and recording medium therefore
CN113079185B (zh) Industrial firewall control method and device implementing deep packet inspection control
CN109144023A (zh) Security detection method and device for an industrial control system
CN115428397A (zh) Industrial control system security analysis method, apparatus and computer-readable medium
CN112291213A (zh) Abnormal traffic analysis method and device based on a smart terminal
KR20190027122A (ko) Network attack pattern analysis and method
CN116866078A (zh) Network security evaluation method
CN115913634A (zh) Deep-learning-based network security anomaly detection method and system
Pramudya et al. Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers
WO2023000819A1 (zh) Device discovery method, apparatus, system and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination