CN116112243B - Industrial control system intelligent computer physical intrusion detection defense system and method - Google Patents

Abstract

The invention provides an intelligent computer physical intrusion detection defense system and method of an industrial control system, comprising the following steps: physical information collecting subsystem: the system is used for collecting physical information according to requirements and analyzing and processing the collected information; physical intrusion detection subsystem: detecting the physical information after analysis; physical intrusion prevention subsystem: a computer network complete device for monitoring network or network equipment network data transmission behavior is capable of instantaneously interrupting, adjusting or isolating some abnormal or damaging network data transmission behavior.

Description

Industrial control system intelligent computer physical intrusion detection defense system and method

Technical Field

The invention relates to the technical field of industrial control intelligent computer physical intrusion detection defense, in particular to an intelligent computer physical intrusion detection defense system and method of an industrial control system.

Background

At present, there are a plurality of uncertain factors in the computer physical intrusion detection defense system, for example: how to collect the physical information according to the requirement, analyze the physical information, detect the physical information after analyzing, monitor the network or network equipment network data transmission behavior, interrupt immediately, adjust or isolate some abnormal or harmful network data transmission behavior; how to collect and acquire the physical information of the computer, the existing normal physical information, the existing intrusion physical information and the like is still to be further solved; accordingly, there is a need for an industrial control system intelligent computer physical intrusion detection defense system and method that at least partially addresses the problems of the prior art.

Disclosure of Invention

A series of concepts in simplified form are introduced in the summary section, which will be described in further detail in the detailed description section; the summary of the invention is not intended to define the key features and essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

To at least partially solve the above problems, the present invention provides an intelligent computer physical intrusion detection defense system of an industrial control system, comprising:

physical information collecting subsystem: the system is used for collecting physical information according to requirements and analyzing and processing the collected information;

physical intrusion detection subsystem: detecting the physical information after analysis;

physical intrusion prevention subsystem: a computer network complete device for monitoring network or network equipment network data transmission behavior is capable of instantaneously interrupting, adjusting or isolating some abnormal or damaging network data transmission behavior.

Preferably, the physical information collecting subsystem includes:

physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information;

physical information analysis subsystem: and analyzing the received physical information, further decomposing and associating attribute relations, decomposing the complex physical information into simplified component information, determining information basic attributes and attribute interrelationships of the simplified component information, and performing deep identification analysis on the physical information.

Preferably, the physical intrusion detection subsystem comprises:

physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated;

and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information;

physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to intercept or destroy the physical information in advance.

Preferably, the physical intrusion prevention subsystem includes:

primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information;

defending the final subsystem: and the method is responsible for finally intercepting and destroying the invasion type physical information which is not intercepted by the first two defense systems.

Preferably, the physical information calculation judgment subsystem includes:

control parameter input subsystem: and the physical information calculation and judgment subsystem control subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem;

and a control parameter output subsystem: and calculating through an equation set, and further judging whether the physical information is invasive physical information.

Preferably, the physical information storage subsystem includes:

paging multi-level memory module: managing all physical information storage hierarchical data in the physical information storage subsystem in units of pages;

system multi-level partition module: an index node area and a multi-level storage area are arranged in a physical information storage subsystem; the multi-level memory area includes a directory page and a multi-level memory page

Storing physical addresses of a next-stage directory page or a multi-stage storage page in a multi-stage page table structure, wherein the multi-stage storage page is used for storing physical information storage sub-data; the multi-level storage pages and the directory pages are arranged in a mixed way in the multi-level storage area; the index node stored in the index node area comprises an index node information field, a page table progression field N and a root directory address field; the page table series field N is used for identifying the page table series adopted by the data stored in the physical information storage sub-unit, and the root directory page address field is used for storing the initial physical address of the N-th directory page of the physical information storage sub-unit;

storage management space mapping module: taking the page number of an N-level directory page corresponding to the physical information storage sub as a root directory, taking the page number of an N-1-level directory page as a 1-level sub-directory, and so on, forming an N-level page table directory structure to store and manage the physical information storage hierarchical data, wherein the 1-level directory page is a multi-level storage page; the root directory stores the physical address of the directory page corresponding to the level 1 directory; the 1 st level subdirectory stores the physical address of the directory page corresponding to the 2 nd level subdirectory; similarly, the N-2 level subdirectory stores the physical address of the directory page corresponding to the N-1 level subdirectory; taking the logic sequence of the multi-level memory pages as the traversing sequence of the multi-level page table directory structure; opening the accessed physical information storage subsystem based on the request of the application process; based on page table series field adopted by the accessed physical information storage sub, calculating maximum capacity of multi-stage storage which can be stored by a single physical information storage sub corresponding to the page table series; determining an application process catalog item corresponding to the mounting physical information storage sub-page table based on the maximum capacity; in the address space of the application process, according to the determined alignment mode of the directory entries of the application process, a virtual address space with the same capacity as the maximum capacity is allocated for the accessed physical information storage sub at one time; and mounting the accessed physical information storage sub page table to the determined corresponding directory entry of the application process, and establishing a mapping relation between the physical information storage hierarchical data and the address space of the application process so as to realize the random access of the application process to the physical information storage hierarchical data.

Preferably, the primary defense subsystem comprises:

a firewall: the system is connected with the physical information transmission subsystem, detects the physical information and filters the data information with potential safety hazards;

CSU device: the router is connected with the physical information transmission subsystem and is used for acquiring the physical information of the physical information transmission subsystem and sending the physical information to the router;

routing equipment: is connected with CSU equipment and firewall for storing physical information and forwarding packets to the firewall.

Preferably, the intermediate defense subsystem comprises:

gateway secondary detection unit: the device is connected with the firewall and is used for receiving the physical information filtered by the firewall and detecting the physical information filtered by the firewall;

an information filter: filtering data information with potential safety hazards and outputting the data information to a defense terminal subsystem;

gateway secondary detection unit controller: and the physical information re-detection unit is used for controlling the gateway secondary detection unit.

Preferably, the defending terminal subsystem includes:

and (3) a recoverer: the system is used for filtering the physical information filtered by the medium-level defense subsystem;

an information processor: and recycling and destroying the remaining physical information which cannot be filtered.

The intelligent computer physical intrusion detection defense method of the industrial control system comprises the following steps:

s001, the physical information acquisition subsystem acquires the physical information of the computer through big data collection;

s002, the physical information analysis subsystem analyzes the received physical information, further analyzes and associates attribute relations, decomposes complex physical information into simplified composition information, determines information basic attributes and attribute interrelationships of the simplified composition information, and performs deep identification analysis on the physical information;

s003, the physical information storage subsystem stores the data analyzed by the physical information analysis subsystem;

s004, the physical information calculation judging subsystem calculates a formula of the information processed by the physical information analysis subsystem, and judges whether the information is invasive physical information;

s005, the control subsystem of the physical information calculation judgment subsystem controls the whole physical information calculation judgment subsystem, and calculates physical information by issuing an instruction from the physical information calculation judgment subsystem;

s006, the control parameter output subsystem calculates through an equation set and further judges whether the physical information is invasive physical information or not;

s007, when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

s008, the secondary interception is carried out on the intrusion type physical information which is not intercepted by the primary defense subsystem by the intermediate defense subsystem, and more complex information is simplified;

s009, the defense terminal subsystem finally intercepts the intrusion type physical information which is not intercepted by the defense system in the previous two times and destroys the intrusion type physical information.

Compared with the prior art, the invention at least comprises the following beneficial effects:

the invention provides an intelligent computer physical intrusion detection defense system and method of an industrial control system, which comprises the following steps of: after the physical information is collected according to the requirements, analyzing and processing the collected information; physical intrusion detection subsystem: detecting the physical information after analysis; physical intrusion prevention subsystem: computer network complete equipment for monitoring network or network equipment network data transmission behavior can interrupt, adjust or isolate some abnormal or harmful network data transmission behavior in real time; the physical information collecting subsystem comprises: physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information; physical information analysis subsystem: analyzing the received physical information, further decomposing and associating attribute relations, decomposing complex physical information into simplified composition information, determining information basic attributes and attribute interrelationships of the simplified composition information, and performing deep identification analysis on the physical information; the physical information collecting subsystem further includes: physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated; and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information; physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to prepare to intercept or destroy the physical information in advance; the physical intrusion prevention subsystem comprises: primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily; medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information; defending the final subsystem: the method is in charge of finally intercepting and destroying the intrusion type physical information which is not intercepted by the first two defense systems; the physical information calculation and judgment subsystem comprises: control parameter input subsystem: and the physical information calculation and judgment subsystem control subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem; and a control parameter output subsystem: calculating through an equation set, and further judging whether the physical information is invasive physical information; the accuracy of detection and judgment of the invasive physical information is further greatly improved; the hierarchical diversity and progressive security of the physical information storage are improved; and the system defense capability and the physical information processing safety are improved.

Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.

Drawings

The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:

FIG. 1 is a diagram of an intelligent computer physical intrusion detection and prevention system for an industrial control system according to the present invention.

FIG. 2 is a diagram of an intelligent computer physical intrusion detection and prevention system for an industrial control system according to an embodiment of the present invention.

FIG. 3 is a diagram of another embodiment of the intelligent computer physical intrusion detection defenses for an industrial control system of the present invention.

Detailed Description

The present invention is described in further detail below with reference to the drawings and examples to enable those skilled in the art to practice the same and to refer to the description; as shown in fig. 1-3, the present invention provides an intelligent computer physical intrusion detection and prevention system for an industrial control system, comprising:

physical information collecting subsystem: the system is used for collecting physical information according to requirements and analyzing and processing the collected information;

physical intrusion detection subsystem: detecting the physical information after analysis;

physical intrusion prevention subsystem: a computer network complete device for monitoring network or network equipment network data transmission behavior is capable of instantaneously interrupting, adjusting or isolating some abnormal or damaging network data transmission behavior.

The principle effect of the technical scheme is as follows: the invention provides an intelligent computer physical intrusion detection defense system of an industrial control system, which comprises a physical information collection subsystem: the system is used for collecting physical information according to requirements and analyzing and processing the collected information; physical intrusion detection subsystem: detecting the physical information after analysis; physical intrusion prevention subsystem: computer network complete equipment for monitoring network or network equipment network data transmission behavior, which can interrupt, adjust or isolate some abnormal or harmful network data transmission behavior in real time; the physical information collecting subsystem comprises: physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information; physical information analysis subsystem: analyzing the received physical information, further decomposing and associating attribute relations, decomposing complex physical information into simplified composition information, determining information basic attributes and attribute interrelationships of the simplified composition information, and performing deep identification analysis on the physical information; the physical information collecting subsystem further includes: physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated; and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information; physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to prepare to intercept or destroy the physical information in advance; the physical intrusion prevention subsystem comprises: primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily; medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information; defending the final subsystem: the method is in charge of finally intercepting and destroying the intrusion type physical information which is not intercepted by the first two defense systems; the physical information calculation and judgment subsystem comprises: control parameter input subsystem: and the physical information calculation and judgment subsystem control subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem; and a control parameter output subsystem: calculating through an equation set, and further judging whether the physical information is invasive physical information; the accuracy of detection and judgment of the invasive physical information is further greatly improved; the hierarchical diversity and progressive security of the physical information storage are improved; and the system defense capability and the physical information processing safety are improved.

In one embodiment, the physical information gathering subsystem includes:

physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information;

physical information analysis subsystem: and analyzing the received physical information, further decomposing and associating attribute relations, decomposing the complex physical information into simplified component information, determining information basic attributes and attribute interrelationships of the simplified component information, and performing deep identification analysis on the physical information.

The principle effect of the technical scheme is as follows: the physical information collecting subsystem comprises: physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information; physical information analysis subsystem: analyzing the received physical information, further decomposing and associating attribute relations, decomposing complex physical information into simplified composition information, determining information basic attributes and attribute interrelationships of the simplified composition information, and performing deep identification analysis on the physical information; the physical information collection is used for acquiring the existing normal physical information and the existing invasion physical information of the computer physical information through big data collection; the physical information analysis further analyzes and associates attribute relations by analyzing the received and collected physical information, decomposes complex physical information into simplified composition information, determines information basic attributes and attribute interrelationships of the simplified composition information, and performs deep identification analysis on the physical information; greatly improves the analysis efficiency and the analysis hierarchy depth of the physical information.

In one embodiment, a physical intrusion detection subsystem includes:

physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated;

and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information;

physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to intercept or destroy the physical information in advance.

The principle effect of the technical scheme is as follows: the physical intrusion detection subsystem comprises: physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated; and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information; physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to prepare to intercept or destroy the physical information in advance; and the physical intrusion detection accuracy and the interception and destruction efficiency are improved.

In one embodiment, the physical intrusion prevention subsystem comprises:

primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information;

defending the final subsystem: and the method is responsible for finally intercepting and destroying the invasion type physical information which is not intercepted by the first two defense systems.

The principle effect of the technical scheme is as follows: the physical intrusion prevention subsystem comprises: primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily; medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information; defending the final subsystem: the method is in charge of finally intercepting and destroying the intrusion type physical information which is not intercepted by the first two defense systems; the two defenses and the final interception further increase the reliability of defensive interception.

In one embodiment, the physical information calculation judgment subsystem includes:

control parameter input subsystem: and the physical information calculation and judgment subsystem control subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem;

and a control parameter output subsystem: and calculating through an equation set, and further judging whether the physical information is invasive physical information.

The principle effect of the technical scheme is as follows: the physical information calculation and judgment subsystem comprises: control parameter input subsystem: and the physical information calculation and judgment subsystem control subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem;

and a control parameter output subsystem: calculating through an equation set, and further judging whether the physical information is invasive physical information;

calculating and further judging whether the physical information is invasive physical information through the following equation:

DKDEx represents a re-detection characteristic value obtained by re-detection of physical information after firewall filtering, qsc represents an initial characteristic value of the physical information after firewall filtering, ex represents a re-detection transformation constant factor, GS (e, f) D represents a D-dimensional Gaussian random variable with mathematical expectation of e and variance of f, log sig represents a logarithmic S-shaped transfer function formula, M represents the maximum number of times of re-detection cycle calculation, M represents the current number of times of re-detection cycle calculation, lx represents the slope of the logarithmic S-shaped transfer function, and RAND represents a random real number selected in a [0,1] interval; calculating a re-detection characteristic value obtained by re-detecting the physical information filtered by the firewall according to the equation set, further judging whether the re-detection characteristic value belongs to the characteristic value range of the invasive physical information, and judging the physical information as the invasive physical information if the re-detection characteristic value belongs to the characteristic value range of the invasive physical information; further greatly improving the accuracy of detection and judgment of the invasive physical information.

In one embodiment, the physical information storage subsystem includes:

paging multi-level memory module: managing all physical information storage hierarchical data in the physical information storage subsystem in units of pages;

system multi-level partition module: an index node area and a multi-level storage area are arranged in a physical information storage subsystem; the multi-level storage area comprises a directory page and a multi-level storage page, the directory page is used for storing the physical address of the next-level directory page or the multi-level storage page in the multi-level page table structure, and the multi-level storage page is used for storing the physical information storage sub-data; the multi-level storage pages and the directory pages are arranged in a mixed way in the multi-level storage area; the index node stored in the index node area comprises an index node information field, a page table progression field N and a root directory address field; the page table series field N is used for identifying the page table series adopted by the data stored in the physical information storage sub-unit, and the root directory page address field is used for storing the initial physical address of the N-th directory page of the physical information storage sub-unit;

storage management space mapping module: taking the page number of an N-level directory page corresponding to the physical information storage sub as a root directory, taking the page number of an N-1-level directory page as a 1-level sub-directory, and so on, forming an N-level page table directory structure to store and manage the physical information storage hierarchical data, wherein the 1-level directory page is a multi-level storage page; the root directory stores the physical address of the directory page corresponding to the level 1 directory; the 1 st level subdirectory stores the physical address of the directory page corresponding to the 2 nd level subdirectory; similarly, the N-2 level subdirectory stores the physical address of the directory page corresponding to the N-1 level subdirectory; taking the logic sequence of the multi-level memory pages as the traversing sequence of the multi-level page table directory structure; opening the accessed physical information storage subsystem based on the request of the application process; based on page table series field adopted by the accessed physical information storage sub, calculating maximum capacity of multi-stage storage which can be stored by a single physical information storage sub corresponding to the page table series; determining an application process catalog item corresponding to the mounting physical information storage sub-page table based on the maximum capacity; in the address space of the application process, according to the determined alignment mode of the directory entries of the application process, a virtual address space with the same capacity as the maximum capacity is allocated for the accessed physical information storage sub at one time; and mounting the accessed physical information storage sub page table to the determined corresponding directory entry of the application process, and establishing a mapping relation between the physical information storage hierarchical data and the address space of the application process so as to realize the random access of the application process to the physical information storage hierarchical data.

The principle effect of the technical scheme is as follows: the physical information storage subsystem includes: paging multi-level memory module: managing all physical information storage hierarchical data in the physical information storage subsystem in units of pages; system multi-level partition module: an index node area and a multi-level storage area are arranged in a physical information storage subsystem; the multi-level storage area comprises a directory page and a multi-level storage page, the directory page is used for storing the physical address of the next-level directory page or the multi-level storage page in the multi-level page table structure, and the multi-level storage page is used for storing the physical information storage sub-data; the multi-level storage pages and the directory pages are arranged in a mixed way in the multi-level storage area; the index node stored in the index node area comprises an index node information field, a page table progression field N and a root directory address field; the page table series field N is used for identifying the page table series adopted by the data stored in the physical information storage sub-unit, and the root directory page address field is used for storing the initial physical address of the N-th directory page of the physical information storage sub-unit; storage management space mapping module: taking the page number of an N-level directory page corresponding to the physical information storage sub as a root directory, taking the page number of an N-1-level directory page as a 1-level sub-directory, and so on, forming an N-level page table directory structure to store and manage the physical information storage hierarchical data, wherein the 1-level directory page is a multi-level storage page; the root directory stores the physical address of the directory page corresponding to the level 1 directory; the 1 st level subdirectory stores the physical address of the directory page corresponding to the 2 nd level subdirectory; similarly, the N-2 level subdirectory stores the physical address of the directory page corresponding to the N-1 level subdirectory; taking the logic sequence of the multi-level memory pages as the traversing sequence of the multi-level page table directory structure; opening the accessed physical information storage subsystem based on the request of the application process; based on page table series field adopted by the accessed physical information storage sub, calculating maximum capacity of multi-stage storage which can be stored by a single physical information storage sub corresponding to the page table series; determining an application process catalog item corresponding to the mounting physical information storage sub-page table based on the maximum capacity; in the address space of the application process, according to the determined alignment mode of the directory entries of the application process, a virtual address space with the same capacity as the maximum capacity is allocated for the accessed physical information storage sub at one time; the accessed physical information storage sub page table is mounted to the corresponding directory entry of the determined application process, and a mapping relation between the physical information storage hierarchical data and the address space of the application process is established so as to realize the random access of the application process to the physical information storage hierarchical data; and the hierarchical diversity and progressive security of the physical information storage are improved.

In one embodiment, the primary defense subsystem includes:

a firewall: the system is connected with the physical information transmission subsystem, detects the physical information and filters the data information with potential safety hazards;

CSU device: the router is connected with the physical information transmission subsystem and is used for acquiring the physical information of the physical information transmission subsystem and sending the physical information to the router;

routing equipment: is connected with CSU equipment and firewall for storing physical information and forwarding packets to the firewall.

The principle effect of the technical scheme is as follows: the primary defense subsystem includes: a firewall: the system is connected with the physical information transmission subsystem, detects the physical information and filters the data information with potential safety hazards; CSU device: the router is connected with the physical information transmission subsystem and is used for acquiring the physical information of the physical information transmission subsystem and sending the physical information to the router; routing equipment: the system is connected with CSU equipment and a firewall and is used for storing physical information and forwarding packets to the firewall; the CSU equipment comprises channel service equipment; and acquiring the physical information of the physical information transmission subsystem, improving the storage and forwarding of the packets to the firewall, and reducing the potential safety hazard.

In one embodiment, the mid-level defense subsystem includes:

gateway secondary detection unit: the device is connected with the firewall and is used for receiving the physical information filtered by the firewall and detecting the physical information filtered by the firewall;

an information filter: filtering data information with potential safety hazards and outputting the data information to a defense terminal subsystem;

gateway secondary detection unit controller: and the physical information re-detection unit is used for controlling the gateway secondary detection unit.

The principle effect of the technical scheme is as follows: the intermediate defense subsystem comprises: gateway secondary detection unit: the device is connected with the firewall and is used for receiving the physical information filtered by the firewall and detecting the physical information filtered by the firewall; an information filter: filtering data information with potential safety hazards and outputting the data information to a defense terminal subsystem; gateway secondary detection unit controller: the physical information re-detection unit is used for controlling the gateway secondary detection unit; and multi-level detection and accurate control can be performed.

In one embodiment, the defending terminal subsystem includes:

and (3) a recoverer: the system is used for filtering the physical information filtered by the medium-level defense subsystem;

an information processor: and recycling and destroying the remaining physical information which cannot be filtered.

The principle effect of the technical scheme is as follows: the defending terminal subsystem includes: and (3) a recoverer: the system is used for filtering the physical information filtered by the medium-level defense subsystem; an information processor: recycling and destroying the rest physical information which cannot be filtered; the filtered physical information can be filtered again; recycling and destroying the rest physical information which cannot be filtered; and the system defense capability and the physical information processing safety are improved.

The intelligent computer physical intrusion detection defense method of the industrial control system comprises the following steps:

s001, the physical information acquisition subsystem acquires the physical information of the computer through big data collection;

s002, the physical information analysis subsystem analyzes the received physical information, further analyzes and associates attribute relations, decomposes complex physical information into simplified composition information, determines information basic attributes and attribute interrelationships of the simplified composition information, and performs deep identification analysis on the physical information;

s003, the physical information storage subsystem stores the data analyzed by the physical information analysis subsystem;

s004, the physical information calculation judging subsystem calculates a formula of the information processed by the physical information analysis subsystem, and judges whether the information is invasive physical information;

s005, the control subsystem of the physical information calculation judgment subsystem controls the whole physical information calculation judgment subsystem, and calculates physical information by issuing an instruction from the physical information calculation judgment subsystem;

s006, the control parameter output subsystem calculates through an equation set and further judges whether the physical information is invasive physical information or not;

s007, when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

s008, the secondary interception is carried out on the intrusion type physical information which is not intercepted by the primary defense subsystem by the intermediate defense subsystem, and more complex information is simplified;

s009, the defense terminal subsystem finally intercepts the intrusion type physical information which is not intercepted by the defense system in the previous two times and destroys the intrusion type physical information.

The principle effect of the technical scheme is as follows: the intelligent computer physical intrusion detection defense method of the industrial control system can acquire the computer physical information through the physical information acquisition subsystem through big data collection; analyzing the received and collected physical information, further decomposing and associating attribute relations, decomposing complex physical information into simplified component information, determining information basic attributes and attribute interrelationships of the simplified component information, and performing deep identification analysis on the physical information; the physical information storage subsystem stores the data analyzed by the physical information analysis subsystem; the physical information calculation judging subsystem calculates a formula of the information processed by the physical information analysis subsystem and judges whether the information is invasive physical information; the physical information calculation and judgment subsystem control subsystem controls the whole physical information calculation and judgment subsystem, and calculates physical information by issuing an instruction from the physical information calculation and judgment subsystem; the control parameter output subsystem calculates through an equation set and further judges whether the physical information is invasive physical information or not; when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily; the intermediate-level defense subsystem performs secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifies more complex information; the defending terminal subsystem finally intercepts the non-intercepted invasive physical information of the first two defending systems and destroys the non-intercepted invasive physical information; the accuracy of detection and judgment of the invasive physical information is further greatly improved; the hierarchical diversity and progressive security of the physical information storage are improved; and the system defense capability and the physical information processing safety are improved.

Although embodiments of the present invention have been disclosed above, it is not limited to the details and embodiments shown and described, it is well suited to various fields of use for which the invention would be readily apparent to those skilled in the art, and accordingly, the invention is not limited to the specific details and illustrations shown and described herein, without departing from the general concepts defined in the claims and their equivalents.

Claims (8)

1. The intelligent computer physical intrusion detection defense system of the industrial control system is characterized in that: comprising the following steps:

physical information collecting subsystem: the system is used for collecting physical information according to requirements and analyzing and processing the collected information;

physical intrusion detection subsystem: detecting the physical information after analysis;

physical intrusion prevention subsystem: computer network complete equipment for monitoring network or network equipment network data transmission behavior, which can interrupt, adjust or isolate some abnormal or harmful network data transmission behavior in real time;

the physical information collecting subsystem comprises:

physical information acquisition subsystem: the method comprises the steps of acquiring physical information of a computer through big data collection; the computer physical information includes: existing normal physical information and existing intrusion physical information;

physical information analysis subsystem: analyzing the received physical information, further decomposing and associating attribute relations, decomposing complex physical information into simplified composition information, determining information basic attributes and attribute interrelationships of the simplified composition information, and performing deep identification analysis on the physical information;

the physical intrusion detection subsystem comprises a physical information storage subsystem; the physical information storage subsystem comprises:

paging multi-level memory module: managing all physical information storage hierarchical data in the physical information storage subsystem in units of pages;

system multi-level partition module: an index node area and a multi-level storage area are arranged in a physical information storage subsystem; the multi-level storage area comprises a directory page and a multi-level storage page, the directory page is used for storing the physical address of the next-level directory page or the multi-level storage page in the multi-level page table structure, and the multi-level storage page is used for storing the physical information storage sub-data; the multi-level storage pages and the directory pages are arranged in a mixed way in the multi-level storage area; the index node stored in the index node area comprises an index node information field, a page table progression field N and a root directory address field; the page table series field N is used for identifying the page table series adopted by the data stored in the physical information storage sub-unit, and the root directory page address field is used for storing the initial physical address of the N-th directory page of the physical information storage sub-unit;

storage management space mapping module: taking the page number of an N-level directory page corresponding to the physical information storage sub as a root directory, taking the page number of an N-1-level directory page as a 1-level sub-directory, and so on, forming an N-level page table directory structure to store and manage the physical information storage hierarchical data, wherein the 1-level directory page is a multi-level storage page; the root directory stores the physical address of the directory page corresponding to the level 1 directory; the 1 st level subdirectory stores the physical address of the directory page corresponding to the 2 nd level subdirectory; similarly, the N-2 level subdirectory stores the physical address of the directory page corresponding to the N-1 level subdirectory; taking the logic sequence of the multi-level memory pages as the traversing sequence of the multi-level page table directory structure; opening the accessed physical information storage subsystem based on the request of the application process; based on page table series field adopted by the accessed physical information storage sub, calculating maximum capacity of multi-stage storage which can be stored by a single physical information storage sub corresponding to the page table series; determining an application process catalog item corresponding to the mounting physical information storage sub-page table based on the maximum capacity; in the address space of the application process, according to the determined alignment mode of the directory entries of the application process, a virtual address space with the same capacity as the maximum capacity is allocated for the accessed physical information storage sub at one time; and mounting the accessed physical information storage sub page table to the determined corresponding directory entry of the application process, and establishing a mapping relation between the physical information storage hierarchical data and the address space of the application process so as to realize the random access of the application process to the physical information storage hierarchical data.

2. The industrial control system intelligent computer physical intrusion detection defense system of claim 1, wherein: the physical intrusion detection subsystem comprises:

physical information storage subsystem: the data analyzed by the physical information analysis subsystem is stored, so that the subsequent extraction or application is facilitated;

and the physical information calculation and judgment subsystem is as follows: the information processed by the physical information analysis subsystem is subjected to formula calculation to judge whether the information is invasive physical information;

physical information transmission subsystem: when the physical information calculation judging subsystem judges that the physical information is invasive physical information, the physical information transmission subsystem transmits the physical information to the defending system, and prompts the defending system to intercept or destroy the physical information in advance.

3. The industrial control system intelligent computer physical intrusion detection defense system of claim 1, wherein: the physical intrusion prevention subsystem comprises:

primary defense subsystem: when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

medium-level defense subsystem: performing secondary interception on the intrusion type physical information which is not intercepted by the primary defense subsystem, and simplifying more complex information;

defending the final subsystem: and the method is responsible for finally intercepting and destroying the invasion type physical information which is not intercepted by the first two defense systems.

4. The industrial control system intelligent computer physical intrusion detection defense system of claim 1, wherein: the physical information calculation and judgment subsystem comprises:

control parameter input subsystem: the whole physical information calculation and judgment subsystem is controlled, and the physical information is calculated by issuing an instruction from the physical information calculation and judgment subsystem;

and a control parameter output subsystem: and calculating through an equation set, and further judging whether the physical information is invasive physical information.

5. The industrial control system intelligent computer physical intrusion detection defense system of claim 2, wherein: the primary defense subsystem includes:

a firewall: the system is connected with the physical information transmission subsystem, detects the physical information and filters the data information with potential safety hazards;

CSU device: the router is connected with the physical information transmission subsystem and is used for acquiring the physical information of the physical information transmission subsystem and sending the physical information to the router;

routing equipment: is connected with CSU equipment and firewall for storing physical information and forwarding packets to the firewall.

6. The industrial control system intelligent computer physical intrusion detection defense system of claim 2, wherein: the intermediate defense subsystem comprises:

gateway secondary detection unit: the device is connected with the firewall and is used for receiving the physical information filtered by the firewall and detecting the physical information filtered by the firewall;

an information filter: filtering data information with potential safety hazards and outputting the data information to a defense terminal subsystem;

gateway secondary detection unit controller: and the physical information re-detection unit is used for controlling the gateway secondary detection unit.

7. The industrial control system intelligent computer physical intrusion detection defense system of claim 2, wherein: the defending terminal subsystem includes:

and (3) a recoverer: the system is used for filtering the physical information filtered by the medium-level defense subsystem;

an information processor: and recycling and destroying the remaining physical information which cannot be filtered.

8. An intelligent computer physical intrusion detection defending method of an industrial control system, which is characterized by comprising the following steps based on the intrusion detection defending system of any one of claims 1 to 7:

s001, the physical information acquisition subsystem acquires the physical information of the computer through big data collection;

s002, the physical information analysis subsystem analyzes the received physical information, further analyzes and associates attribute relations, decomposes complex physical information into simplified composition information, determines information basic attributes and attribute interrelationships of the simplified composition information, and performs deep identification analysis on the physical information;

s003, the physical information storage subsystem stores the data analyzed by the physical information analysis subsystem;

s004, the physical information calculation judging subsystem calculates a formula of the information processed by the physical information analysis subsystem, and judges whether the information is invasive physical information;

s005, the control subsystem of the physical information calculation judgment subsystem controls the whole physical information calculation judgment subsystem, and calculates physical information by issuing an instruction from the physical information calculation judgment subsystem;

s006, the control parameter output subsystem calculates through an equation set and further judges whether the physical information is invasive physical information or not;

s007, when the intrusion type physical information enters the system, the primary defense subsystem firstly intercepts the physical information simply, intercepts some simple intrusion information, issues instructions to the secondary defense subsystem and intercepts the physical information secondarily;

s008, the secondary interception is carried out on the intrusion type physical information which is not intercepted by the primary defense subsystem by the intermediate defense subsystem, and more complex information is simplified;

s009, the defense terminal subsystem finally intercepts the intrusion type physical information which is not intercepted by the defense system in the previous two times and destroys the intrusion type physical information.