CN115623092B - System monitoring method, device, equipment and medium based on electric signals - Google Patents

System monitoring method, device, equipment and medium based on electric signals Download PDF

Info

Publication number
CN115623092B
CN115623092B CN202211629264.4A CN202211629264A CN115623092B CN 115623092 B CN115623092 B CN 115623092B CN 202211629264 A CN202211629264 A CN 202211629264A CN 115623092 B CN115623092 B CN 115623092B
Authority
CN
China
Prior art keywords
signal
analog quantity
discrete
protocol
analog
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211629264.4A
Other languages
Chinese (zh)
Other versions
CN115623092A (en
Inventor
周磊
田鹏辉
姚朋
王自强
田野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Andi Technology Co ltd
Original Assignee
Beijing Andi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Andi Technology Co ltd filed Critical Beijing Andi Technology Co ltd
Priority to CN202211629264.4A priority Critical patent/CN115623092B/en
Publication of CN115623092A publication Critical patent/CN115623092A/en
Application granted granted Critical
Publication of CN115623092B publication Critical patent/CN115623092B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26Special purpose or proprietary protocols or architectures
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)

Abstract

The embodiment of the disclosure discloses a system monitoring method, a device, equipment and a medium based on an electric signal. One embodiment of the method comprises: collecting discrete quantity signals of the target industrial equipment in response to the switching value distributor; controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal; acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and sending the analog quantity signal to an analog quantity sampling instrument; controlling an analog quantity sampling instrument to convert an analog quantity signal into an analog quantity master-slave communication protocol signal; converting the discrete master-slave communication protocol signal and the analog master-slave communication protocol signal into an Ethernet protocol through a protocol converter; carrying out feature extraction processing on the Ethernet protocol to extract information gain features; and performing principal component analysis processing on the information gain characteristics. The implementation mode improves the network security of the system.

Description

System monitoring method, device, equipment and medium based on electric signals
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a system monitoring method, device, equipment and medium based on electric signals.
Background
In recent years, due to the complexity and diversity of industrial systems, design defects of industrial communication protocols and insufficient security awareness, the whole Internet Connection Sharing (ICS) system is extremely vulnerable and damaged, and network security events of Industrial Control Systems (ICS) occur frequently. Current network security solutions based on IT and OT fusion can cover layers 1 to 4 of the ICS system. IP network based monitoring methods are critical but not sufficient to secure the control system and prevent serious damage to OT equipment and machinery. Currently, monitoring of an industrial control system is generally performed in the following manner: and performing source authentication on the received signal.
However, the following technical problems generally exist in the above manner: the signal value of the signal is not detected, and when the signal value is abnormal, the system may execute an erroneous instruction, thereby reducing the network security of the system.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose electrical signal based system monitoring methods, apparatuses, electronic devices and computer readable media to solve one or more of the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide a method for electrical signal-based system monitoring, the method comprising: responding to a discrete magnitude signal of target industrial equipment acquired by a switching value distributor, and respectively sending the discrete magnitude signal to the target industrial equipment and a discrete magnitude sampling instrument; controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal; acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument; controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal; converting the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an Ethernet protocol through a protocol converter; performing feature extraction processing on the ethernet protocol to extract an information gain feature, wherein the information gain feature includes: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet interconnect protocol packet; and performing principal component analysis processing on the information gain characteristics to map the length, source address, destination address, transport layer protocol, control bit, port number, byte number, function code and frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis, and obtaining a mapped orthogonal coordinate axis as a target characteristic model.
In a second aspect, some embodiments of the present disclosure provide an electrical signal-based system monitoring device, the device comprising: the transmitting unit is configured to respond to the discrete quantity signal acquired by the switching value distributor to the target industrial equipment and the discrete quantity sampling instrument and respectively transmit the discrete quantity signal to the target industrial equipment and the discrete quantity sampling instrument; a first control unit configured to control the discrete quantity sampler to convert the discrete quantity signal into a discrete quantity master-slave communication protocol signal; the acquisition unit is configured to acquire the analog quantity signal of the target industrial equipment through an analog quantity distributor and respectively send the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument; the second control unit is configured to control the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal; the conversion unit is configured to convert the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an Ethernet protocol through a protocol converter; an extraction unit configured to perform feature extraction processing on the ethernet protocol to extract an information gain feature, wherein the information gain feature includes: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet interconnect protocol packet; and the mapping unit is configured to perform principal component analysis processing on the information gain characteristics so as to map the length, the source address, the destination address, the transport layer protocol, the control bit, the port number, the byte number, the function code and the frame time of an internet interconnection protocol data packet included in the information gain characteristics to orthogonal coordinate axes, and obtain mapping orthogonal coordinate axes as a target characteristic model.
In a third aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; a storage device, on which one or more programs are stored, which when executed by one or more processors cause the one or more processors to implement the method described in any implementation of the first aspect.
In a fourth aspect, some embodiments of the disclosure provide a computer-readable medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method described in any implementation manner of the first aspect.
The above embodiments of the present disclosure have the following advantages: by the system monitoring method based on the electric signals, the network safety of the system is improved. Specifically, the reasons for reducing the network security of the system are: the signal value of the signal is not detected, which may cause the system to execute an erroneous instruction when the signal value is abnormal. Based on this, in the system monitoring method based on the electrical signal according to some embodiments of the present disclosure, first, in response to a discrete quantity signal of a target industrial device collected by a switching value distributor, the discrete quantity signal is respectively sent to the target industrial device and a discrete quantity sampler. Thus, the discrete quantity signal is convenient to analyze. And secondly, controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal. Thereby, the gain characteristic of the discrete magnitude signal is facilitated to be determined. And secondly, acquiring the analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and the analog quantity sampling instrument. Therefore, the analog quantity signal is convenient to analyze. And then, controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal. Thereby, the gain characteristic of the analog quantity signal is easily determined. And then, converting the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an Ethernet protocol through a protocol converter. Thereby, the gain characteristic of the overall signal is facilitated to be determined. Then, feature extraction processing is carried out on the Ethernet protocol to extract information gain features. Wherein the information gain characteristic comprises: length of internet protocol packets, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time. Thereby, the information gain characteristic in the Ethernet protocol can be extracted. And finally, performing principal component analysis processing on the information gain characteristics to map the length, source address, destination address, transport layer protocol, control bit, port number, byte number, function code and frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis to obtain a mapping orthogonal coordinate axis as a target characteristic model. Therefore, reference basis can be provided for subsequent detection of the analog quantity signal/discrete quantity signal. Whether the signal value corresponding to the analog quantity signal/discrete quantity signal is in a normal range or not can be detected through the target characteristic model. Therefore, the analog quantity signal/discrete quantity signal can be detected, and the network security of the system is improved.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and elements are not necessarily drawn to scale.
FIG. 1 is a flow diagram of some embodiments of an electrical signal-based system monitoring method according to the present disclosure;
FIG. 2 is a schematic block diagram of some embodiments of an electrical signal-based system monitoring device according to the present disclosure;
FIG. 3 is a schematic block diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and the embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a flow diagram of some embodiments of an electrical signal-based system monitoring method according to the present disclosure. A flow 100 of some embodiments of an electrical signal-based system monitoring method according to the present disclosure is shown. The system monitoring method based on the electric signals comprises the following steps:
step 101, responding to a discrete magnitude signal of the target industrial equipment acquired by the switching value distributor, and respectively sending the discrete magnitude signal to the target industrial equipment and the discrete magnitude sampling instrument.
In some embodiments, an executing entity (e.g., a server) of the system monitoring method based on the electrical signal may transmit the discrete quantity signal to the target industrial device and the discrete quantity sampler, respectively, in response to the switching value distributor collecting the discrete quantity signal of the target industrial device. Here, the switching value distributor may refer to a switching value distributor communicatively connected to the execution main body. For example, the switching value divider may refer to a one-input two-output switching value divider. The target industrial device may refer to a Programmable Logic Controller (PLC) communicatively connected to the execution body. The discrete magnitude signal may refer to a discrete signal. The discrete signal can represent a switch state discrete signal, a start-stop state discrete signal, and the like. The discrete quantity sampler may be a discrete quantity RTU (Remote Terminal Unit) sampler. The discrete magnitude sampling instrument is in communication connection with the execution main body.
And 102, controlling the discrete quantity sampling instrument to convert the discrete quantity signal into a discrete quantity master-slave communication protocol signal.
In some embodiments, the execution subject may control the discrete quantity sampler to convert the discrete quantity signal into a discrete quantity master-slave communication protocol signal. Here, the discrete-quantity master-slave communication protocol signal may represent a master-slave communication protocol signal (Modbus RTU signal) to which the discrete-quantity signal is converted. Modbus is a serial communication protocol.
And 103, acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument.
In some embodiments, the execution body may collect an analog signal of the target industrial device through an analog distributor, and send the analog signal to the target industrial device and the analog sampler, respectively. Here, the analog distributor may refer to the above-mentioned analog distributor which performs one input and two outputs of the main body communication connection. The analog quantity sampler can be an analog quantity RTU sampler which is in communication connection with the execution main body. The analog quantity signal can refer to a voltage signal and a current signal of the target industrial equipment, or can refer to a pressure signal collected by the target industrial equipment. In practice, the execution main body may control the analog distributor to collect an analog signal of the target industrial device. Wherein. The analog quantity signal comprises: 4-20ma, 0-10v, 10-10v, and the like.
And step 104, controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal.
In some embodiments, the execution body may control the analog quantity sampler to convert the analog quantity signal into an analog quantity master-slave communication protocol signal. Here, the analog master-slave communication protocol signal may represent a master-slave communication protocol signal (Modbus RTU signal) converted from an analog signal.
And 105, converting the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an Ethernet protocol through a protocol converter.
In some embodiments, the execution subject may convert the discrete-quantity master-slave communication protocol signal and the analog-quantity master-slave communication protocol signal into an ethernet protocol through a protocol converter. Here, the protocol converter may refer to a 485-to-ethernet converter (RS 485 converter) communicatively connected to the execution main body described above. The ethernet protocol may represent signals of the ethernet protocol.
And 106, performing feature extraction processing on the Ethernet protocol to extract information gain features.
In some embodiments, the execution body may perform a feature extraction process on the ethernet protocol to extract the information gain feature. Wherein the information gain characteristic includes: length of Internet Protocol (IP) packets, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code, and frame time. Here, the execution agent may classify and regress the signal represented by the ethernet protocol by a decision tree model algorithm. Therefore, the information gain characteristics of the rule are analyzed. The function code may include: reading coil state, reading discrete input state, reading holding register, reading input register, writing single coil, writing single holding register, writing multiple coils, writing multiple holding registers, and the like.
And 107, performing principal component analysis processing on the information gain characteristics to map the length, the source address, the destination address, the transport layer protocol, the control bit, the port number, the byte number, the function code and the frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis, and obtaining a mapped orthogonal coordinate axis as a target characteristic model.
In some embodiments, the executing entity may perform principal component analysis processing on the information gain characteristic to map a length, a source address, a destination address, a transport layer protocol, a control bit, a port number, a byte number, a function code, and a frame time of an internet protocol packet included in the information gain characteristic onto an orthogonal axis, so as to obtain a mapped orthogonal axis as a target characteristic model. The orthogonal axes may refer to the axes in the principal component analysis.
It should be noted that principal component analysis is a statistical method introduced to non-random variables, and a principal component refers to a group of variables that may have correlation are converted into a group of linearly uncorrelated variables through orthogonal transformation, and the group of converted variables are called principal components.
Here, the principal component analysis is performed by the following steps:
1. characteristic index data normalization (SPSS software performs automatically);
2. judging the correlation among the characteristic indexes;
3. determining the number m of the main components;
4. a principal component Fi expression;
5. principal component Fi is named.
In addition, by mapping the orthogonal coordinate axes, the change rule of the signals of the respective features can be determined.
Optionally, in response to receiving a discrete quantity input signal, it is determined whether a signal value of the discrete quantity input signal is within a discrete quantity input signal value interval corresponding to the target feature model.
In some embodiments, the execution subject may determine, in response to receiving a discrete magnitude input signal, whether a signal value of the discrete magnitude input signal is within a discrete magnitude input signal value interval corresponding to the target feature model. Here, the discrete quantity input signal may refer to a discrete signal input by a discrete quantity input device (PLC device). Here, the discrete magnitude input signal value interval may refer to a region densely distributed in a feature space of the target feature model, and indicates that the PLC system has a high probability of occurring in the region during normal operation. So when the system detects that the data (discrete magnitude input signal) does not fall within these regions is anomalous. The discrete quantity input device may be a four-channel switching quantity input module.
In practice, the execution subject may determine whether the signal value of the discrete magnitude input signal is within a discrete magnitude input signal value interval corresponding to the target feature model by an isolated forest algorithm.
Optionally, in response to determining that the signal value of the discrete quantity input signal is not within the discrete quantity input signal value interval, generating first device damage detection information, and transmitting the first device damage detection information to an associated device maintenance terminal.
In some embodiments, the execution subject may generate first device damage detection information in response to determining that the signal value of the discrete quantity input signal is not within the discrete quantity input signal value interval, and transmit the first device damage detection information to an associated device maintenance terminal. And the first equipment damage detection information represents maintenance detection on the discrete quantity input equipment corresponding to the discrete quantity input signal. The associated device maintenance terminal may refer to a terminal for performing maintenance on the discrete quantity input device, which is communicatively connected to the execution main body.
Optionally, in response to receiving the discrete quantity output signal, it is determined whether a signal value of the discrete quantity output signal is within a discrete quantity output signal value interval corresponding to the target feature model.
In some embodiments, the execution subject may determine, in response to receiving the discrete quantity output signal, whether a signal value of the discrete quantity output signal is within a discrete quantity output signal value interval corresponding to the target feature model. Here, the discrete quantity output signal may refer to a discrete signal output by a discrete quantity output device (PLC device). The discrete magnitude output signal value interval can be a region densely distributed in a feature space of the target feature model, and represents that the probability of the region occurring in normal operation of the PLC system is high. Thus, when the system detects that the data (discrete magnitude output signal) that does not fall within these regions is anomalous. The discrete quantity output device may refer to a button, a travel switch, a change-over switch, a relay, a contactor, a solenoid valve, and the like.
Optionally, in response to determining that the signal value of the discrete magnitude output signal is not within the discrete magnitude output signal value interval, generating first network protection prompting information, and sending the first network protection prompting information to an associated network protection terminal.
In some embodiments, the execution subject may generate first network defense prompting information in response to determining that the signal value of the discrete magnitude output signal is not within the discrete magnitude output signal value interval, and send the first network defense prompting information to an associated network defense terminal. The first network protection prompt information represents that network protection is performed on discrete magnitude output equipment (PLC equipment) corresponding to the discrete magnitude output signal. The associated network defense terminal may refer to a network defense terminal that is in communication connection with the execution subject. Here, the network protection terminal may perform network security detection on the discrete quantity output device, and promote a network firewall of the discrete quantity output device.
Optionally, in response to receiving the analog input signal, determining whether the signal value of the analog input signal is within the range of the analog input signal value corresponding to the target feature model.
In some embodiments, the execution subject may determine, in response to receiving the analog input signal, whether a signal value of the analog input signal is within an analog input signal value interval corresponding to the target feature model. Here, the analog input signal may refer to an analog signal input by an analog input device (PLC device). Here, the analog input signal value interval may refer to a region densely distributed in a feature space of the target feature model, and indicates that the PLC system has a high probability of occurring in the region during normal operation. So when the system detects that the data (analog input signal) does not fall within these areas is anomalous. The analog input device may refer to a four-channel analog input module.
Optionally, in response to determining that the signal value of the analog input signal is not within the analog input signal value interval, generating second device damage detection information, and sending the second device damage detection information to an associated device maintenance terminal.
In some embodiments, the execution body may generate second device damage detection information in response to determining that the signal value of the analog input signal is not within the analog input signal value interval, and transmit the second device damage detection information to an associated device maintenance terminal. And the second equipment damage detection information represents maintenance detection on the analog quantity input equipment corresponding to the analog quantity input signal. The associated device maintenance terminal may refer to a terminal for performing maintenance on the analog quantity input device, which is communicatively connected to the execution main body.
Optionally, in response to receiving the analog output signal, determining whether a signal value of the analog output signal is within an analog output signal value interval corresponding to the target feature model.
In some embodiments, the execution subject may determine, in response to receiving the analog output signal, whether a signal value of the analog output signal is within an analog output signal value interval corresponding to the target feature model. Here, the analog output signal may refer to an analog signal output by an analog output device (PLC device). The analog quantity output signal value interval can be a region densely distributed in a feature space of the target feature model, and represents that the probability of the PLC system occurring in the region is high during normal operation. Thus, when the system detects that the data (analog output signal) does not fall within these areas is anomalous. The analog output device can be a flow sensor, a liquid level sensor, a pressure sensor, a temperature and humidity sensor and the like.
Optionally, in response to determining that the signal value of the analog output signal is not within the analog output signal value interval, generating second network protection prompt information, and sending the second network protection prompt information to an associated network protection terminal.
In some embodiments, the execution main body may generate second network defense prompting information in response to determining that the signal value of the analog output signal is not within the analog output signal value interval, and transmit the second network defense prompting information to an associated network defense terminal. And the second network protection prompt information represents that the network protection is performed on the analog output equipment corresponding to the analog output signal. The associated network defense terminal may refer to a network defense terminal that is communicatively connected to the execution main body. Here, the network protection terminal may perform network security detection on the analog output device (PLC device), and improve a network firewall of the analog output device.
The above embodiments of the present disclosure have the following advantages: by the system monitoring method based on the electric signals, the network security of the system is improved. Specifically, the reasons for reducing the network security of the system are: the signal value of the signal is not detected, which may cause the system to execute an erroneous instruction when the signal value is abnormal. Based on this, the system monitoring method based on the electrical signal according to some embodiments of the present disclosure first, in response to the switching value distributor acquiring the discrete quantity signal of the target industrial device, sends the discrete quantity signal to the target industrial device and the discrete quantity sampler, respectively. Thus, the discrete quantity signal is convenient to analyze. And secondly, controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal. Thereby, the gain characteristic of the discrete magnitude signal is facilitated to be determined. And secondly, acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument. Therefore, the analog quantity signal is convenient to analyze. And then, controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal. Thereby, the gain characteristic of the analog quantity signal is easily determined. And then, converting the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an Ethernet protocol through a protocol converter. Thereby, the gain characteristic of the overall signal is facilitated to be determined. Then, feature extraction processing is carried out on the Ethernet protocol to extract information gain features. Wherein the information gain characteristic comprises: length of internet protocol packets, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time. Thereby, the information gain characteristic in the Ethernet protocol can be extracted. And finally, performing principal component analysis processing on the information gain characteristics to map the length, the source address, the destination address, the transport layer protocol, the control bit, the port number, the byte number, the function code and the frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis to obtain a mapped orthogonal coordinate axis as a target characteristic model. Therefore, reference basis can be provided for subsequent detection of the analog quantity signal/discrete quantity signal. Whether the signal value corresponding to the analog quantity signal/discrete quantity signal is in a normal range or not can be detected through the target characteristic model. Therefore, the analog quantity signal/discrete quantity signal can be detected, and the network safety of the system is improved.
With further reference to fig. 2, as an implementation of the methods illustrated in the above figures, the present disclosure provides some embodiments of an electrical signal-based system monitoring apparatus, which correspond to those method embodiments illustrated in fig. 1, which may be particularly applicable in various electronic devices.
As shown in fig. 2, the electrical signal-based system monitoring device 200 of some embodiments includes: the device comprises a sending unit 201, a first control unit 202, a collecting unit 203, a second control unit 204, a converting unit 205, an extracting unit 206 and a mapping unit 207. The transmitting unit 201 is configured to respond to a discrete quantity signal acquired by the switching value distributor to a target industrial device, and transmit the discrete quantity signal to the target industrial device and the discrete quantity sampling instrument respectively; a first control unit 202 configured to control the discrete quantity sampler to convert the discrete quantity signal into a discrete quantity master-slave communication protocol signal; the acquisition unit 203 is configured to acquire an analog quantity signal of the target industrial equipment through an analog quantity distributor and send the analog quantity signal to the target industrial equipment and an analog quantity sampler respectively; a second control unit 204 configured to control the analog quantity sampler to convert the analog quantity signal into an analog quantity master-slave communication protocol signal; a conversion unit 205 configured to convert the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an ethernet protocol through a protocol converter; an extracting unit 206 configured to perform a feature extraction process on the ethernet protocol to extract an information gain feature, wherein the information gain feature includes: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet interconnect protocol packet; a mapping unit 207 configured to perform principal component analysis processing on the information gain characteristics, so as to map the length, source address, destination address, transport layer protocol, control bit, port number, byte number, function code, and frame time of the internet protocol packet included in the information gain characteristics onto orthogonal coordinate axes, and obtain mapped orthogonal coordinate axes as a target characteristic model.
It will be appreciated that the units described in the electrical signal based system monitoring apparatus 200 correspond to the various steps in the method described with reference to figure 1. Thus, the operations, features and resulting benefits described above with respect to the method are also applicable to the system monitoring apparatus 200 based on electrical signals and the units included therein, and are not described herein again.
Referring now to FIG. 3, a block diagram of an electronic device (e.g., server) 300 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device in some embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle-mounted terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage means 308 into a Random Access Memory (RAM) 303. In the RAM303, various programs and data necessary for the operation of the electronic apparatus 300 are also stored. The processing device 301, the ROM302, and the RAM303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Generally, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, or the like; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 308 including, for example, magnetic tape, hard disk, etc.; and a communication device 309. The communication means 309 may allow the electronic device 300 to communicate wirelessly or by wire with other devices to exchange data. While fig. 3 illustrates an electronic device 300 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 3 may represent one device or may represent multiple devices, as desired.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In some such embodiments, the computer program may be downloaded and installed from a network through the communication device 309, or installed from the storage device 308, or installed from the ROM 302. The computer program, when executed by the processing apparatus 301, performs the above-described functions defined in the methods of some embodiments of the present disclosure.
It should be noted that the computer readable medium described in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: responding to a discrete magnitude signal of target industrial equipment acquired by a switching value distributor, and respectively sending the discrete magnitude signal to the target industrial equipment and a discrete magnitude sampling instrument; controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal; acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument; controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal; converting the discrete magnitude master-slave communication protocol signal and the analog magnitude master-slave communication protocol signal into an Ethernet protocol through a protocol converter; performing feature extraction processing on the ethernet protocol to extract an information gain feature, wherein the information gain feature includes: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet interconnect protocol packet; and performing principal component analysis processing on the information gain characteristics to map the length, source address, destination address, transport layer protocol, control bit, port number, byte number, function code and frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis to obtain a mapping orthogonal coordinate axis as a target characteristic model.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. The described units may also be provided in a processor, and may be described as: a processor comprises a sending unit, a first control unit, a collecting unit, a second control unit, a converting unit, an extracting unit and a mapping unit. The names of the units do not limit the units themselves in some cases, for example, the acquisition unit may also be described as a unit for acquiring the analog quantity signal of the target industrial equipment through the analog quantity distributor and sending the analog quantity signal to the target industrial equipment and the analog quantity sampler respectively.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex Programmable Logic Devices (CPLDs), and the like.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combinations of the above-mentioned features, and other embodiments in which the above-mentioned features or their equivalents are combined arbitrarily without departing from the spirit of the invention are also encompassed. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims (8)

1. A method of electrical signal based system monitoring, comprising:
responding to a discrete quantity signal of target industrial equipment acquired by a switching value distributor, and respectively sending the discrete quantity signal to the target industrial equipment and a discrete quantity sampling instrument;
controlling the discrete magnitude sampling instrument to convert the discrete magnitude signal into a discrete magnitude master-slave communication protocol signal;
acquiring an analog quantity signal of the target industrial equipment through an analog quantity distributor, and respectively sending the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument;
controlling the analog quantity sampling instrument to convert the analog quantity signal into an analog quantity master-slave communication protocol signal;
converting the discrete magnitude master-slave communication protocol signal and the analog magnitude master-slave communication protocol signal into an Ethernet protocol through a protocol converter;
performing feature extraction processing on the ethernet protocol to extract information gain features, wherein the information gain features include: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet interconnect protocol packet;
and performing principal component analysis processing on the information gain characteristics to map the length, source address, destination address, transport layer protocol, control bit, port number, byte number, function code and frame time of the internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis to obtain a mapping orthogonal coordinate axis as a target characteristic model.
2. The method of claim 1, wherein the method further comprises:
in response to receiving a discrete quantity input signal, determining whether a signal value of the discrete quantity input signal is within a discrete quantity input signal value interval corresponding to the target feature model;
in response to confirm the signal value of discrete magnitude input signal is not in the discrete magnitude input signal value interval, generate first equipment and damage detection information, and will first equipment damages detection information and sends to associated equipment maintenance terminal, wherein, first equipment damages detection information characterization and is right the discrete magnitude input device that discrete magnitude input signal corresponds maintains the detection.
3. The method of claim 1, wherein the method further comprises:
in response to receiving a discrete magnitude output signal, determining whether a signal value of the discrete magnitude output signal is within a discrete magnitude output signal value interval corresponding to the target feature model;
responding to the fact that the signal value of the discrete magnitude output signal is not in the discrete magnitude output signal value interval, generating first network protection prompt information, and sending the first network protection prompt information to an associated network protection terminal, wherein the first network protection prompt information represents that network protection is conducted on discrete magnitude output equipment corresponding to the discrete magnitude output signal.
4. The method of claim 1, wherein the method further comprises:
in response to receiving an analog quantity input signal, determining whether the signal value of the analog quantity input signal is within an analog quantity input signal value interval corresponding to the target characteristic model;
and in response to the fact that the signal value of the analog quantity input signal is determined not to be in the analog quantity input signal value interval, generating second equipment damage detection information, and sending the second equipment damage detection information to an associated equipment maintenance terminal, wherein the second equipment damage detection information represents maintenance detection on the analog quantity input equipment corresponding to the analog quantity input signal.
5. The method of claim 1, wherein the method further comprises:
in response to receiving an analog quantity output signal, determining whether a signal value of the analog quantity output signal is within an analog quantity output signal value interval corresponding to the target characteristic model;
and in response to the fact that the signal value of the analog quantity output signal is determined not to be within the analog quantity output signal value interval, generating second network protection prompt information, and sending the second network protection prompt information to an associated network protection terminal, wherein the second network protection prompt information represents that network protection is carried out on the analog quantity output equipment corresponding to the analog quantity output signal.
6. An electrical signal based system monitoring device comprising:
the transmitting unit is configured to respond to the discrete quantity signal acquired by the switching value distributor to the target industrial equipment and the discrete quantity sampling instrument, and respectively transmit the discrete quantity signal to the target industrial equipment and the discrete quantity sampling instrument;
a first control unit configured to control the discrete quantity sampler to convert the discrete quantity signal into a discrete quantity master-slave communication protocol signal;
the acquisition unit is configured to acquire an analog quantity signal of the target industrial equipment through an analog quantity distributor and send the analog quantity signal to the target industrial equipment and an analog quantity sampling instrument respectively;
the second control unit is configured to control the analog quantity sampler to convert the analog quantity signal into an analog quantity master-slave communication protocol signal;
a conversion unit configured to convert the discrete quantity master-slave communication protocol signal and the analog quantity master-slave communication protocol signal into an ethernet protocol through a protocol converter;
an extraction unit configured to perform feature extraction processing on the ethernet protocol to extract an information gain feature, wherein the information gain feature includes: length, source address, destination address, transport layer protocol, control bits, port number, number of bytes, function code and frame time of the internet protocol packet;
and the mapping unit is configured to perform principal component analysis processing on the information gain characteristics so as to map the length, the source address, the destination address, the transport layer protocol, the control bit, the port number, the byte number, the function code and the frame time of an internet interconnection protocol data packet included in the information gain characteristics to an orthogonal coordinate axis, and obtain a mapping orthogonal coordinate axis as a target characteristic model.
7. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
8. A computer-readable medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, carries out the method according to any one of claims 1-5.
CN202211629264.4A 2022-12-19 2022-12-19 System monitoring method, device, equipment and medium based on electric signals Active CN115623092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211629264.4A CN115623092B (en) 2022-12-19 2022-12-19 System monitoring method, device, equipment and medium based on electric signals

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211629264.4A CN115623092B (en) 2022-12-19 2022-12-19 System monitoring method, device, equipment and medium based on electric signals

Publications (2)

Publication Number Publication Date
CN115623092A CN115623092A (en) 2023-01-17
CN115623092B true CN115623092B (en) 2023-02-28

Family

ID=84879922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211629264.4A Active CN115623092B (en) 2022-12-19 2022-12-19 System monitoring method, device, equipment and medium based on electric signals

Country Status (1)

Country Link
CN (1) CN115623092B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005050433A1 (en) * 2003-11-19 2005-06-02 National Institute Of Information And Communications Technology Analog signal i/o system utilizing network circuit
CN201936155U (en) * 2010-11-11 2011-08-17 北京航天正信科技有限公司 Online monitoring system for bus ventilator based on MODBUS-RTU (remote terminal unit)
CN105869385A (en) * 2016-05-17 2016-08-17 华南理工大学 Electrical power system data acquisition and transmission on-chip system supporting IEC61850
CN106773892A (en) * 2016-11-09 2017-05-31 北京许继电气有限公司 The digital and analogue signals harvester of industry is equipped towards electrician
CN109582636B (en) * 2018-11-21 2023-03-10 科大智能电气技术有限公司 Data acquisition processing method of power distribution device based on DSP
CN215599682U (en) * 2021-02-03 2022-01-21 江苏东华测试技术股份有限公司 On-line monitoring acquisition instrument based on platform framework form

Also Published As

Publication number Publication date
CN115623092A (en) 2023-01-17

Similar Documents

Publication Publication Date Title
US20120324271A1 (en) Fault processing system
CN111930709B (en) Data storage method, apparatus, electronic device, and computer readable medium
CN115640285B (en) Power abnormality information transmission method, device, electronic equipment and medium
CN112995712A (en) Method, device and equipment for determining stuck factors and storage medium
CN115412370B (en) Vehicle communication data detection method and device, electronic equipment and readable medium
CN115471307A (en) Audit evaluation information generation method and device based on knowledge graph and electronic equipment
CN115623092B (en) System monitoring method, device, equipment and medium based on electric signals
CN110781066B (en) User behavior analysis method, device, equipment and storage medium
CN111708680A (en) Error reporting information analysis method and device, electronic equipment and storage medium
CN115622963A (en) Message detection method, device, equipment and medium based on industrial switch
CN111628913B (en) Online time length determining method and device, readable medium and electronic equipment
CN113094272B (en) Application testing method, device, electronic equipment and computer readable medium
CN115102992A (en) Data distribution method and device, electronic equipment and computer readable medium
CN115913683B (en) Risk access record generation method, apparatus, device and storage medium
CN115632995B (en) Data feature extraction method, equipment and computer medium for industrial control network
CN112668194B (en) Automatic driving scene library information display method, device and equipment based on page
CN115550464B (en) System monitoring method based on industrial internet cloud platform, electronic equipment and medium
CN116881974B (en) Data processing method and device based on data acquisition request and electronic equipment
CN113765692B (en) Current limiting method, device, electronic equipment and computer readable medium
CN111274150B (en) Service instance access method and device and electronic equipment
CN115801447B (en) Industrial safety-based flow analysis method and device and electronic equipment
CN112364284B (en) Method and device for detecting abnormality based on context and related product
CN111404890B (en) Flow data detection method, system, storage medium and electronic device
CN115604147A (en) Industrial control network-based host testing method, device, equipment and computer medium
CN118074960A (en) Industrial Internet information encryption method, device, equipment and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant