CN115514653A - Method and device for generating topological graph of industrial control network, electronic equipment and storage medium - Google Patents
Method and device for generating topological graph of industrial control network, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115514653A CN115514653A CN202211225173.4A CN202211225173A CN115514653A CN 115514653 A CN115514653 A CN 115514653A CN 202211225173 A CN202211225173 A CN 202211225173A CN 115514653 A CN115514653 A CN 115514653A
- Authority
- CN
- China
- Prior art keywords
- industrial control
- data
- routing information
- node
- routing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000003860 storage Methods 0.000 title claims abstract description 15
- 238000004891 communication Methods 0.000 claims abstract description 71
- 238000012163 sequencing technique Methods 0.000 claims abstract description 11
- 238000013507 mapping Methods 0.000 claims description 62
- 238000012545 processing Methods 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 5
- 238000013024 troubleshooting Methods 0.000 abstract description 10
- 238000010586 diagram Methods 0.000 description 10
- 238000005206 flow analysis Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000001914 filtration Methods 0.000 description 3
- 230000004083 survival effect Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a topological graph generation method and device of an industrial control network, electronic equipment and a storage medium, and relates to the technical field of industrial control networks. And obtaining the routing information corresponding to each data message in the industrial control network system in real time. And then generating a data flow relation tree in each time period based on all the routing information in the time period, wherein the data flow relation tree can represent the communication relation among a plurality of equipment nodes. And finally, generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device. Therefore, data messages related to the whole network of the industrial control network system are analyzed, the data flow relation among all the industrial control devices is obtained through topology sequencing, the network communication topological graph of the whole industrial control device system can be drawn periodically, and data support can be provided for follow-up device troubleshooting.
Description
Technical Field
The invention relates to the technical field of industrial control networks, in particular to a method and a device for generating a topological graph of an industrial control network, electronic equipment and a storage medium.
Background
In the field of industrial control, with the development of industrial control automation technology, an industrial control system is developed from a single and closed operation scene to a complex comprehensive scene in which various units operate together.
Currently, the automatically generated industrial control network topological graph basically presents end-to-end links, and a specific routing path of an end-to-end connection line is not marked, but in a huge network system environment of an industrial control network, the types of industrial control equipment are various. When the industrial control network system fails and needs troubleshooting, under the condition of no detailed routing information, a great deal of time and energy are needed to troubleshoot the specific equipment which fails, the efficiency is low, and the requirement of the industrial control field on high availability of the equipment cannot be met.
In the prior art, a method for generating a topological graph includes: s1, capturing network flow data in a passive detection mode, analyzing and formatting the flow data, and storing the flow data in a database; s2, providing the IP in the flow data for active detection; s3, actively detecting, firstly, carrying out survival scanning, and recording the current survival IP and the current survival port; s4, scanning the currently-alive IP and the ports through an industrial control protocol script, simultaneously carrying out route tracking, analyzing and formatting the scanning result and the route information, and storing the scanning result and the route information in a database; and S5, taking out data from the database according to the filtering condition of the user to draw a topological graph and the like.
However, the method needs to poll and scan all the unit devices in the industrial control network system, which is a high-risk operation for the industrial control field; the industrial control field has extremely high requirements on high availability and low delay of equipment, and the communication among units can be influenced by scanning the unit equipment in full, so that the service performance of the units is directly influenced, and potential hidden dangers of equipment communication are increased.
Disclosure of Invention
The invention aims to provide a method and a device for generating a topological graph of an industrial control network, electronic equipment and a storage medium, which can quickly and accurately draw a network communication topological graph of the industrial control network and provide data support for follow-up equipment troubleshooting; meanwhile, potential hidden dangers of communication among equipment caused by polling and full scanning of unit equipment in the industrial control network system are avoided.
Embodiments of the invention may be implemented as follows:
in a first aspect, an embodiment of the present invention provides a method for generating a topology map of an industrial control network, including:
obtaining routing information corresponding to each data message in the industrial control network system in real time; the industrial control network system comprises a plurality of industrial control devices;
in each time period, generating a data flow relation tree based on all routing information in the time period; the data flow relation tree represents the communication relation among a plurality of equipment nodes, and one equipment node corresponds to one industrial control equipment;
and generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device and the data flow relation tree.
In an optional embodiment, the step of obtaining, in real time, routing information corresponding to each data packet in the industrial control network system includes:
acquiring the network flow of the industrial control network system in real time; the network traffic comprises a plurality of the data packets;
and analyzing each data message to obtain the routing information corresponding to each data message.
In an optional embodiment, the step of generating the data flow relation tree based on all the routing information in the time period includes:
establishing a routing mapping table by using the routing information corresponding to each data message in the time period; the routing mapping table comprises a plurality of pieces of mapping data, and each piece of mapping data represents a mapping relation between one equipment node and at least one corresponding downlink communication node;
searching the routing mapping table to obtain a plurality of topological sorting sequences;
and generating the data flow relation tree according to the plurality of topological sorting sequences.
In an optional embodiment, the number of the downlink communication nodes corresponding to the device node is the out degree of the device node; the number of the uplink communication nodes corresponding to the equipment node is the degree of entry of the equipment node;
the step of searching the routing mapping table to obtain a plurality of topology sequencing sequences includes:
finding out a plurality of leaf nodes from the routing mapping table, wherein the leaf nodes represent equipment nodes with zero degree;
aiming at any leaf node, searching the routing mapping table by taking the leaf node as a starting point to obtain at least one topological sorting sequence; the topology sequencing sequence represents a path from a root node to the leaf node, and the root node represents the equipment node with zero degree;
and traversing each leaf node to obtain a plurality of topological sorting sequences.
In an optional embodiment, the routing information includes address information and trigger time in a one-to-one correspondence, where the address information includes an IP address pair and a MAC address pair; the routing information in the time period comprises: each group of routing information with different triggering time and the same address information;
the step of establishing a routing mapping table by using the routing information in the time period includes:
for each group of routing information with different trigger time and the same address information, retaining the routing information with the earliest trigger time in the group of routing information to obtain each filtered routing information in the time period;
and establishing the routing mapping table according to each piece of filtered routing information in the time period.
In a second aspect, an embodiment of the present invention further provides a device for generating a topology map of an industrial control network, where the device includes:
the acquisition module is used for acquiring the routing information corresponding to each data message in the industrial control network system in real time; the industrial control network system comprises a plurality of industrial control devices;
the processing module is used for generating a data flow relation tree based on all routing information in each time period; the data flow relation tree represents the communication relation among a plurality of equipment nodes, and one equipment node corresponds to one industrial control equipment;
and the generating module is used for generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device.
In an optional embodiment, the obtaining module is specifically configured to:
collecting the network flow of the industrial control network system in real time; the network traffic comprises a plurality of the data packets;
and analyzing each data message to obtain the routing information corresponding to each data message.
In an optional embodiment, the processing module is specifically configured to:
establishing a routing mapping table by using the routing information corresponding to each data message in the time period; the routing mapping table comprises a plurality of pieces of mapping data, and each piece of mapping data represents a mapping relation between one equipment node and at least one corresponding downlink communication node;
searching the routing mapping table to obtain a plurality of topological sorting sequences;
and generating the data flow relation tree according to the plurality of topological sorting sequences.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a memory and a processor, the memory storing machine readable instructions executable by the processor, the processor executing the machine readable instructions when the electronic device is running to implement the method of any of the above embodiments.
In a fourth aspect, an embodiment of the present invention further provides a storage medium, where the storage medium stores a computer program, and the computer program is executed by a processor to implement the method described in any one of the above embodiments.
Compared with the prior art, the embodiment of the invention provides a topological graph generation method and device for an industrial control network, electronic equipment and a storage medium, and routing information corresponding to each data message in the industrial control network system is obtained in real time. And then generating a data flow relation tree capable of representing the communication relation between the equipment nodes based on all the routing information in the time period in each time period. And finally, generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device. The method has the advantages that the data messages related to the whole network of the industrial control network system are used for analysis, the network communication topological diagram of the whole industrial control equipment system is accurately drawn, and data support can be provided for follow-up equipment troubleshooting. Meanwhile, the scheme also avoids potential hidden dangers of communication among equipment caused by polling and full-scale scanning of all unit equipment in the industrial control network system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a method for generating a topology map of an industrial control network according to an embodiment of the present invention.
Fig. 2 is a second flowchart of a method for generating a topology map of an industrial control network according to an embodiment of the present invention.
Fig. 3 is a third schematic flowchart of a method for generating a topology map of an industrial control network according to an embodiment of the present invention.
Fig. 4 is a fourth flowchart of a method for generating a topology map of an industrial control network according to an embodiment of the present invention.
Fig. 5 is a simplified schematic diagram of a data flow-to-relation diagram according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a topology diagram generation apparatus of an industrial control network according to an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
It should be noted that the features of the embodiments of the present invention may be combined with each other without conflict.
As described in the background art, the industrial control network topological graph can provide data support for the industrial control network troubleshooting process, so that fault location fault points can be more quickly checked.
Another method for generating a link topology in the prior art is as follows: (1) deeply analyzing network data to generate formatted data; (2) Carrying out data cleaning on the formatted data, and extracting key information to generate flow event data; (3) Collecting alarm logs in real time, and processing the alarm logs to generate alarm event data; (4) Importing the flow event data and the alarm information data into a distributed database for persistence; (5) carrying out network segment classification statistics; (6) Receiving start and end time, and extracting corresponding basic data from a distributed database to aggregate out a filter; (7) And inquiring all link information contained in the distributed database according to the network segment, the start-stop time and the filter so as to generate the link topology.
The method is based on alarm event data generated by full flow collection, and then classified, stored and stored according to an IP network segment. The method is based on network segment classification, and a topological graph of data flow between the industrial control devices cannot be combed.
In view of this, an embodiment of the present invention provides a method for generating a topology map of an industrial control network, which is capable of analyzing captured network traffic in real time, generating a routing mapping table, then sorting the routing mapping table to obtain a topology sorting sequence, further analyzing a data flow relation tree that reflects a network data flow relation between industrial control devices in real time, finally generating a network communication topology map of the industrial control devices, and persistently storing the network communication topology map. The following detailed description is made by way of examples, with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for generating a topology diagram of an industrial control network according to an embodiment of the present invention, where an execution subject of the method may be an electronic device, and the electronic device may be, but is not limited to, a computer, a personal computer, a server, and the like. The method for generating the topological graph of the industrial control network comprises the following steps S100-S300:
s100, obtaining the routing information corresponding to each data message in the industrial control network system in real time.
In this embodiment, the industrial control network system includes a plurality of industrial control devices, and the device types of the industrial control devices may be, but are not limited to, a server, a controller, an industrial control computer, an industrial robot, and the like. In an industrial control network system, part of industrial control equipment belongs to an upper computer, part of industrial control equipment belongs to a lower computer, and the upper computer can send data messages carrying control instructions to control the lower computer.
Meanwhile, the data message also comprises routing information from the upper computer to the lower computer, the routing information comprises address information and trigger time which are in one-to-one correspondence, and the address information comprises an IP address pair and an MAC address pair. The IP address pair is a source IP address and a destination IP address of the data message, and the MAC address pair is a source MAC address and a destination MAC address of the data message. The source IP address and the source MAC address can jointly identify the position of the industrial control equipment serving as the upper computer in the network. The destination IP address and the destination MAC address can jointly identify the position of the industrial control equipment serving as the lower computer in the network.
S200, in each time period, generating a data flow relation tree based on all routing information in the time period.
In this embodiment, the size of the time period is preset according to the real-time requirement, for example, the time period may be preset to 1 hour or 2 hours, which is merely an example and is not limited herein. In a time period, one piece of routing information reflects the data flow relation of the corresponding upper computer controlling the lower computer, and all the pieces of routing information can reflect the data flow relation among the industrial control devices in the industrial control network system in the time period.
Thus, the data flow relation tree can be generated based on all the routing information within one time period. The data flow relation tree represents the communication relation among a plurality of equipment nodes, and the IP address and the MAC address correspond to one equipment node together, namely one equipment node corresponds to one industrial control equipment.
S300, generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information and the data flow relation tree of each industrial control device.
It is understood that the asset data information of each industrial control device may include one or more of MAC address, IP address, port, device name, device type, device model, protocol name, vendor, device details, version number, serial number, discovery time, asset number, importance/rating.
That is, the network communication topological graph generated in each time period may include asset data information of each industrial control device, and when the network communication topological graph is visually displayed, the asset data information of each industrial control device may be viewed. And when the industrial control network system fails and needs troubleshooting, the network communication topological graph can be used as data support for auxiliary troubleshooting.
The method for generating the topological graph of the industrial control network, provided by the embodiment of the invention, obtains the routing information corresponding to each data message in the industrial control network system in real time. And then generating a data flow relation tree in each time period based on all the routing information in the time period, wherein the data flow relation tree can represent the communication relation among a plurality of equipment nodes. And finally, generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device. The method has the advantages that the data messages related to the whole network of the industrial control network system are used for analysis, the network communication topological diagram of the whole industrial control equipment system is accurately drawn, data support can be provided for follow-up equipment troubleshooting, and potential hidden danger of communication among equipment caused by the operation of polling and full scanning of all unit equipment in the industrial control network system is avoided.
In an optional implementation manner, network traffic of the industrial control network system can be captured in real time, and routing information corresponding to each data packet is further analyzed. Referring to fig. 2 in conjunction with fig. 1, specifically, the sub-steps of step S100 may include steps S110 to S120:
and S110, acquiring the network flow of the industrial control network system in real time.
S120, analyzing each data message to obtain the routing information corresponding to each data message.
It is understood that the network traffic includes a plurality of data packets.
In an optional implementation manner, the routing information corresponding to each data packet may be input to the flow analysis engine in real time, and the flow analysis engine performs data analysis to output a plurality of topology sorting sequences for generating the data flow relation tree. With continued reference to fig. 2, in detail, the sub-steps of the step S200 may include steps S210 to S230:
s210, establishing a routing mapping table by using the routing information corresponding to each data message in a time period.
In this embodiment, the route mapping table may include a plurality of pieces of mapping data, and each piece of mapping data represents a mapping relationship between one device node and a corresponding at least one downlink communication node.
It should be noted that the downlink communication node and the uplink communication node are a relative concept. For a device node B, its uplink communication node is a device node a capable of controlling the device node B, and its downlink communication node is a device node C capable of controlling the device node B. In an industrial control network system, an upper computer can generally control more than one lower computer, so that an equipment node as the upper computer can correspond to at least one downlink communication node.
Optionally, in all the routing information within a time period, there may be two or more routing information, which have different trigger times but the same address information, so that two or more routing information may form a set of routing information.
Therefore, the flow analysis engine filters the data to ensure the accuracy of the final topological graph. On the basis of fig. 2, please refer to fig. 3, specifically, the sub-steps of the step S210 may include steps S211 to S212:
s211, aiming at each group of routing information with different trigger time and same address information, keeping the routing information with the earliest trigger time in the group of routing information, and obtaining each routing information after filtering in a time period.
S212, establishing a routing mapping table according to each routing information filtered in the time period.
That is, the routing information in each time period may include: each group of routing information has different trigger time and same address information. In a group of routing information, only the routing information with the earliest trigger time is reserved to realize data filtering.
S220, searching the routing mapping table to obtain a plurality of topology sequencing sequences.
In this embodiment, the number of the downlink communication nodes corresponding to the device node may be the out-degree of the device node. The number of the uplink communication nodes corresponding to the device node may be the in-degree of the device node.
In an industrial control network system, generally, two lower computers controlled by an upper computer are independent, that is, the situation that two upper computers can control the same lower computer to execute the same instruction does not occur.
Optionally, on the basis of fig. 2, referring to fig. 4, the sub-steps of the step S220 may include steps S221 to S223:
s221, finding out a plurality of leaf nodes from the routing mapping table.
It is to be understood that a leaf node may represent a device node with a degree of zero. In an industrial control network system, the industrial control equipment corresponding to the leaf node is usually the bottom layer execution equipment, does not have control capability and only executes corresponding production actions according to the instructions of the upper computer.
S222, aiming at any leaf node, searching the route mapping table by taking the leaf node as a starting point to obtain at least one topological sorting sequence.
In this embodiment, the topological ordered sequence may characterize the path from the root node to the leaf node. The root node can represent a device node with zero in-degree, and in the industrial control network system, the industrial control device corresponding to the root node is usually a top-level control device and is used for controlling a plurality of lower computers corresponding to the industrial control device.
And S223, traversing each leaf node to obtain a plurality of topological sorting sequences.
It can be understood that, for a leaf node, at least one topological ordering sequence can be obtained by searching the route mapping table with the leaf node as a starting point. And traversing each leaf node to obtain all topological sorting sequences.
And S230, generating a data flow relation tree according to the plurality of topological sorting sequences.
It can be understood that after the data flow relation tree is obtained, the network communication topological graph corresponding to the time period can be generated by combining the asset data information of each industrial control device. After obtaining the network communication topological graph corresponding to a time period, the storage can be persisted.
The following describes a process of the above-described topology generation method for an industrial control network by using a simple example.
Optionally, in the routing mapping table, each piece of mapping data may be presented in the form of a key value pair ("key: value"), where the key represents one upper computer, and the value may represent at least one lower computer corresponding to the upper computer.
Assume that there are 6 device nodes V0, V1, V2, V3, V4, V5 in the resulting route mapping table. The three pieces of mapping data in the generated route mapping table may be:
{“V0”:“V1,V2”}、{“V1”:“V3,V4”}、{“V2”:“V5”}
which respectively represent: the downlink communication nodes of the equipment node V0 are equipment nodes V1 and V2; the downlink communication nodes of the equipment node V1 are equipment nodes V3 and V4; the downstream communication node of the device node V2 is a device node V5. A plurality of downstream communication nodes under one device node may be referred to as peer nodes.
Wherein, in the routing mapping table, the leaf node may be determined as: v3, V4 and V5.
Taking V4 as an example, looking up a corresponding topology sequence with V4 as a starting point: firstly, searching V4 and stacking V4, then searching all peer nodes V3 of V4 and stacking V3; (after the peer node of V4 finishes the stacking), searching the uplink communication node V1 of V4 and stacking V1; searching a peer node V2 of the V1, searching a downlink communication node V5 of the V2, stacking the V2 after the V5 is stacked, finally searching an uplink communication node V0 of the V2, stacking the V0 and finishing the searching.
Because the stack has the characteristic of first in and last out, the stacking sequence is as follows: v4, V3, V1, V5, V2, V0, so the output topological ordered sequence is: { V0, V2, V5, V1, V3, V4}.
Aiming at V3, searching a corresponding topology sequencing sequence by taking V3 as a starting point: firstly, searching V3 and stacking V3, then searching all peer nodes V4 of V3 and stacking V4; (after the peer node of V3 finishes the stacking), searching the uplink communication node V1 of V3 and stacking V1; searching a peer node V2 of the V1, searching a downlink communication node V5 of the V2, stacking the V2 after the V5 is stacked, finally searching an uplink communication node V0 of the V2, stacking the V0 and finishing the searching.
The stacking sequence is as follows: v3, V4, V1, V5, V2, V0, so the topological ordered sequence corresponding to output V3 is: { V0, V2, V5, V1, V4, V3}.
For V5, a corresponding topological sorting sequence is searched by taking V5 as a starting point: firstly searching V5 and pushing V5, searching V5 for an uplink communication node V2 of V5 and pushing V2 if the same node does not exist in V5, then searching V2 for a same node V1, and then searching V1 for downlink communication nodes V3 and V4, wherein the pushing sequence of V3 and V4 has the following two conditions:
1. v3 enters V4 first and then enters, and the corresponding nodes which are already pushed comprise: v5, V2, V3, V4;
2. v4 enters V3 first and then enters, and the corresponding nodes which are already pushed comprise: v5, V2, V4 and V3.
Then, on the basis of the two situations, V1 can be found and pushed, and finally V0 can be found and pushed.
Thus, the two stacking orders are: v5, V2, V3, V4, V1, V0 and V5, V2, V4, V3, V1, V0. Then the two topological ordering sequences corresponding to the output V5 are: { V0, V1, V4, V3, V2, V5} and { V0, V1, V3, V4, V2, V5}.
As can be seen from the lookup process for V5, when two or more to-be-stacked nodes are found, the to-be-stacked nodes may be stacked in different order. Therefore, more than one topologically ordered sequence may result from a single lookup.
The path indicated by each topological ordered sequence is as follows:
{ V0, V2, V5, V1, V3, V4}, { V0, V2, V5, V1, V4, V3} indicate that the path from the root node V0 to the leaf node V5 is: v0, V2, V5;
{ V0, V1, V3, V4, V2, V5} indicates that the path from root node V0 to leaf node V3 is: v0, V1, V3;
{ V0, V1, V4, V3, V2, V5} indicates that the path from root node V0 to leaf node V4 is: v0, V1, V4.
Thus, based on all the topological ordering sequences, the resulting data flow relationship tree can be as shown in fig. 5.
It should be noted that the above example is a simple example for easy understanding, and is not limited thereto. In a specific application scenario, the number of industrial control devices (the number of device nodes), the form of a routing mapping table, and the style of a data flow relation tree in an industrial control network system all take actual situations as the standard.
It should be noted that, the execution sequence of each step in the foregoing method embodiments is not limited to that shown in the drawings, and the execution sequence of each step is subject to the practical application.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
1) Full flow coverage: analyzing and processing the network flow of the whole industrial control network system, and drawing a network communication topological graph of the whole industrial control network system;
2) The accuracy is as follows: by using a topology sequencing algorithm, a network communication topological graph of the industrial control network system can be efficiently and accurately drawn;
3) Real-time performance: due to the real-time calculation characteristic of the flow analysis engine, a network communication topological graph can be generated and updated regularly in real time, and data support is provided for timely troubleshooting equipment failures;
4) The universality is as follows: the method mainly uses two parameters of the IP address and the MAC address of the industrial control equipment, and has universality in an industrial control network system.
In order to execute the corresponding steps in the above method embodiments and various possible embodiments, an implementation manner of a topology map generation apparatus of an industrial control network is given below.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a topology generating device 200 of an industrial control network according to an embodiment of the present invention. The device comprises: an acquisition module 210, a processing module 220, and a generation module 230.
The obtaining module 210 is configured to obtain, in real time, routing information corresponding to each data packet in the industrial control network system; the industrial control network system comprises a plurality of industrial control devices.
The processing module 220 generates a data flow relation tree based on all routing information in each time period; the data flow relation tree represents the communication relation among a plurality of equipment nodes, and one equipment node corresponds to one industrial control equipment.
And a generating module 230, configured to generate a network communication topology of the industrial control network system corresponding to the time period based on the asset data information and the data flow relation book of each industrial control device.
In an alternative embodiment, the obtaining module 210 may specifically be configured to: acquiring network flow of an industrial control network system in real time; the network traffic comprises a plurality of data messages; and analyzing each data message to obtain the routing information corresponding to each data message.
In an alternative embodiment, the processing module 220 may specifically be configured to: establishing a routing mapping table by utilizing the routing information corresponding to each data message in a time period; the routing mapping table comprises a plurality of pieces of mapping data, and each piece of mapping data represents the mapping relation between one equipment node and at least one corresponding downlink communication node; searching a routing mapping table to obtain a plurality of topological sorting sequences; and generating a data flow relation tree according to the plurality of topology sequencing sequences.
In an optional embodiment, the number of downlink communication nodes corresponding to the device node is the out degree of the device node; the number of the uplink communication nodes corresponding to the equipment node is the degree of entry of the equipment node. The processing module 220 may be specifically configured to:
finding out a plurality of leaf nodes from the routing mapping table, wherein the leaf nodes represent equipment nodes with zero degree; aiming at any leaf node, searching a route mapping table by taking the leaf node as a starting point to obtain at least one topological sorting sequence; the topology sequencing sequence represents a path from a root node to a leaf node, and the root node represents an equipment node with zero in-degree; and traversing each leaf node to obtain a plurality of topological sorting sequences.
In an optional embodiment, the routing information includes address information and trigger time in one-to-one correspondence, and the address information includes an IP address pair and an MAC address pair; the routing information within the time period includes: each group of routing information has different trigger time and same address information. The processing module 220 may be specifically configured to:
for each group of routing information with different trigger time and same address information, retaining the routing information with the earliest trigger time in the group of routing information to obtain each filtered routing information in a time period; and establishing a routing mapping table according to each filtered routing information in the time period.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the topology generation apparatus 200 for an industrial control network described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device 300 includes a processor 310, a memory 320, and a bus 330, the processor 310 being coupled to the memory 320 via the bus 330.
The memory 320 may be used to store a software program, such as the topology map generation apparatus shown in fig. 6. The Memory 320 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Flash Memory (Flash), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The processor 310 may be an integrated circuit chip having signal processing capabilities.
The Processor 310 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative and that electronic device 300 may include more or fewer components than shown in fig. 7 or have a different configuration than shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
The embodiment of the present invention further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the method for generating a topology map of an industrial control network disclosed in the above embodiment is implemented. The storage medium may be, but is not limited to: u disk, removable hard disk, ROM, RAM, PROM, EPROM, EEPROM, FLASH disk or optical disk, etc.
To sum up, the embodiment of the present invention provides a method and an apparatus for generating a topology map of an industrial control network, an electronic device, and a storage medium, which are used for obtaining routing information corresponding to each data packet in an industrial control network system in real time. And then generating a data flow relation tree in each time period based on all the routing information in the time period, wherein the data flow relation tree can represent the communication relation among a plurality of equipment nodes. And finally, generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device. The method has the advantages that the data messages related to the whole network of the industrial control network system are used for analysis, the network communication topological graph of the whole industrial control equipment system is accurately drawn, and data support can be provided for follow-up equipment troubleshooting.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A topological graph generation method of an industrial control network is characterized by comprising the following steps:
obtaining routing information corresponding to each data message in the industrial control network system in real time; the industrial control network system comprises a plurality of industrial control devices;
in each time period, generating a data flow relation tree based on all routing information in the time period; the data flow relation tree represents the communication relation among a plurality of equipment nodes, and one equipment node corresponds to one industrial control equipment;
and generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device and the data flow relation tree.
2. The method according to claim 1, wherein the step of obtaining the routing information corresponding to each data packet in the industrial control network system in real time comprises:
collecting the network flow of the industrial control network system in real time; the network traffic comprises a plurality of the data packets;
and analyzing each data message to obtain the routing information corresponding to each data message.
3. The method of claim 1, wherein the step of generating the data flow relation tree based on all routing information in the time period comprises:
establishing a routing mapping table by using the routing information corresponding to each data message in the time period; the route mapping table comprises a plurality of pieces of mapping data, and each piece of mapping data represents a mapping relation between one equipment node and at least one corresponding downlink communication node;
searching the routing mapping table to obtain a plurality of topological sorting sequences;
and generating the data flow relation tree according to the plurality of topological sorting sequences.
4. The method according to claim 3, wherein the number of downlink communication nodes corresponding to the device node is the out degree of the device node; the number of the uplink communication nodes corresponding to the equipment node is the degree of entry of the equipment node;
the step of searching the routing mapping table to obtain a plurality of topology sequencing sequences includes:
finding out a plurality of leaf nodes from the routing mapping table, wherein the leaf nodes represent equipment nodes with zero degree;
aiming at any leaf node, searching the routing mapping table by taking the leaf node as a starting point to obtain at least one topological sorting sequence; the topology sequencing sequence represents a path from a root node to the leaf node, and the root node represents the equipment node with zero degree;
and traversing each leaf node to obtain a plurality of topological sorting sequences.
5. The method of claim 3, wherein the routing information comprises address information and trigger time in a one-to-one correspondence, and wherein the address information comprises an IP address pair and a MAC address pair; the routing information in the time period comprises: each group of routing information with different trigger time and same address information;
the step of establishing a routing mapping table by using the routing information in the time period includes:
for each group of routing information with different trigger time and the same address information, retaining the routing information with the earliest trigger time in the group of routing information to obtain each filtered routing information in the time period;
and establishing the routing mapping table according to each piece of filtered routing information in the time period.
6. A topological graph generating device of an industrial control network is characterized by comprising:
the acquisition module is used for acquiring the routing information corresponding to each data message in the industrial control network system in real time; the industrial control network system comprises a plurality of industrial control devices;
the processing module generates a data flow relation tree based on all routing information in each time period; the data flow relation tree represents the communication relation among a plurality of equipment nodes, and one equipment node corresponds to one industrial control equipment;
and the generating module is used for generating a network communication topological graph of the industrial control network system corresponding to the time period based on the asset data information of each industrial control device.
7. The apparatus of claim 6, wherein the obtaining module is specifically configured to:
collecting the network flow of the industrial control network system in real time; the network traffic comprises a plurality of the data packets;
and analyzing each data message to obtain the routing information corresponding to each data message.
8. The apparatus of claim 6, wherein the processing module is specifically configured to:
establishing a routing mapping table by using the routing information corresponding to each data message in the time period; the routing mapping table comprises a plurality of pieces of mapping data, and each piece of mapping data represents a mapping relation between one equipment node and at least one corresponding downlink communication node;
searching the routing mapping table to obtain a plurality of topology sequencing sequences;
and generating the data flow relation tree according to the plurality of topological sorting sequences.
9. An electronic device, comprising: a memory and a processor, the memory storing machine-readable instructions executable by the processor, the processor executing the machine-readable instructions to implement the method of any of claims 1-5 when the electronic device is run.
10. A storage medium, characterized in that the storage medium stores a computer program which is executed by a processor to implement the method according to any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211225173.4A CN115514653A (en) | 2022-10-09 | 2022-10-09 | Method and device for generating topological graph of industrial control network, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211225173.4A CN115514653A (en) | 2022-10-09 | 2022-10-09 | Method and device for generating topological graph of industrial control network, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115514653A true CN115514653A (en) | 2022-12-23 |
Family
ID=84507726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211225173.4A Pending CN115514653A (en) | 2022-10-09 | 2022-10-09 | Method and device for generating topological graph of industrial control network, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115514653A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185749A (en) * | 2011-06-07 | 2011-09-14 | 北京交通大学 | Method for avoiding routing loop by adopting tree topology relationship |
| JP2015154287A (en) * | 2014-02-14 | 2015-08-24 | 日本電信電話株式会社 | communication network and node |
| US20160218959A1 (en) * | 2015-01-27 | 2016-07-28 | Electronics And Telecommunications Research Institute | Method for managing domain routing table in router on network structure based on hierarchical domain |
| CN111130883A (en) * | 2019-12-25 | 2020-05-08 | 杭州安恒信息技术股份有限公司 | Method and device for determining topological graph of industrial control equipment and electronic equipment |
| CN111224802A (en) * | 2018-11-23 | 2020-06-02 | 北京国基科技股份有限公司 | SNMP-based data link layer network topology discovery method and device |
-
2022
- 2022-10-09 CN CN202211225173.4A patent/CN115514653A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185749A (en) * | 2011-06-07 | 2011-09-14 | 北京交通大学 | Method for avoiding routing loop by adopting tree topology relationship |
| JP2015154287A (en) * | 2014-02-14 | 2015-08-24 | 日本電信電話株式会社 | communication network and node |
| US20160218959A1 (en) * | 2015-01-27 | 2016-07-28 | Electronics And Telecommunications Research Institute | Method for managing domain routing table in router on network structure based on hierarchical domain |
| CN111224802A (en) * | 2018-11-23 | 2020-06-02 | 北京国基科技股份有限公司 | SNMP-based data link layer network topology discovery method and device |
| CN111130883A (en) * | 2019-12-25 | 2020-05-08 | 杭州安恒信息技术股份有限公司 | Method and device for determining topological graph of industrial control equipment and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109981349B (en) | Call chain information query method and device | |
| CN110659109A (en) | Openstack cluster virtual machine monitoring system and method | |
| US11762879B2 (en) | Information traceability method and system based on blockchain | |
| CN113259467B (en) | Webpage asset fingerprint tag identification and discovery method based on big data | |
| CN112751733A (en) | Link detection method, device, equipment, system and switch | |
| CN110224859A (en) | The method and system of clique for identification | |
| US20130042020A1 (en) | Quick Network Path Discovery | |
| CN113596078A (en) | Service problem positioning method and device | |
| CN115022230B (en) | Communication path planning method and device | |
| CN114915561A (en) | Network topological graph generation method and device | |
| CN112532529B (en) | Mesh routing topology networking method and system | |
| CN115309907B (en) | Alarm log association method and device | |
| US20220174081A1 (en) | Monitoring of abnormal host | |
| US20040158780A1 (en) | Method and system for presenting neighbors of a device in a network via a graphical user interface | |
| CN115514653A (en) | Method and device for generating topological graph of industrial control network, electronic equipment and storage medium | |
| EP4280561A1 (en) | Information flow identification method, network chip, and network device | |
| CN113766363B (en) | Fault monitoring method and device and computing equipment | |
| CN116821215A (en) | OPC UA server searching method based on port inquiry | |
| CN109818799A (en) | Log collection analysis method and equipment | |
| CN112131435B (en) | Super node determining method, device, electronic equipment and storage medium | |
| CN111385162B (en) | Network detection method and device, computer equipment and storage medium | |
| CN112653588A (en) | Adaptive network traffic collection method, system, electronic device and storage medium | |
| CN109495178B (en) | Method and device for constructing FTTx network topology link | |
| CN112822075A (en) | Service link tracking method and related device | |
| CN115412462B (en) | Detection method for inter-domain route interruption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |