CN116132170B - Industrial control equipment safety prevention and control system - Google Patents

Industrial control equipment safety prevention and control system Download PDF

Info

Publication number
CN116132170B
CN116132170B CN202310119507.8A CN202310119507A CN116132170B CN 116132170 B CN116132170 B CN 116132170B CN 202310119507 A CN202310119507 A CN 202310119507A CN 116132170 B CN116132170 B CN 116132170B
Authority
CN
China
Prior art keywords
industrial control
flow
abnormal
list
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310119507.8A
Other languages
Chinese (zh)
Other versions
CN116132170A (en
Inventor
李峰
郭举
白彬
姜明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yuntian Safety Technology Co ltd
Original Assignee
Shandong Yuntian Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Yuntian Safety Technology Co ltd filed Critical Shandong Yuntian Safety Technology Co ltd
Priority to CN202310119507.8A priority Critical patent/CN116132170B/en
Publication of CN116132170A publication Critical patent/CN116132170A/en
Application granted granted Critical
Publication of CN116132170B publication Critical patent/CN116132170B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Safety Devices In Control Systems (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The application relates to a safety prevention and control system of industrial control equipment, which comprises the following steps when the computer program is executed by a processor: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; it can be known that the application simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be beneficial to the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.

Description

Industrial control equipment safety prevention and control system
Technical Field
The application relates to the technical field of industrial control equipment safety, in particular to a safety prevention and control system of industrial control equipment.
Background
With the development of industrial control systems, interconnection and interworking are a trend, but at the same time, higher requirements are also put on network security protection of the industrial control systems. The network security of the industrial control system has the inherent problems of old equipment and operating system, no security mechanism of communication protocol and the like, and is easy to suffer from network attack, thereby causing serious adverse effects such as equipment security, economic damage and the like; there is a need to make network security precautions for industrial control systems.
In the prior art, an initiator of abnormal flow sends the abnormal flow according to different times to avoid the safety prevention and control of industrial control equipment, thereby causing potential safety hazard of the industrial control equipment; therefore, how to determine the abnormal flow is a technical problem which needs to be solved by the person skilled in the art.
Disclosure of Invention
Aiming at the technical problems, the technical scheme adopted by the application is that the industrial control equipment safety prevention and control system comprises: the industrial control flow information set corresponding to the target industrial control equipment, a processor and a memory storing a computer program, when the computer program is executed by the processor, the following steps are realized:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i And i= … … m, wherein m is the number of the first industrial control flow corresponding to the target industrial control equipment.
S120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
s140 of the process of the present application, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 Is a preset duration threshold.
S160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j For the j-th first time period, j= … … n, n being the number of first time periods.
S180, determining abnormal flow corresponding to the target industrial control equipment according to the C.
Compared with the prior art, the application has obvious advantages and beneficial effects. By means of the technical scheme, the industrial control equipment safety prevention and control system provided by the application can achieve quite technical progress and practicality, has wide industrial utilization value, and has at least the following advantages:
the application relates to a safety prevention and control system of industrial control equipment, which comprises the following steps when the computer program is executed by a processor: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; it can be known that the application simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be beneficial to the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.
The foregoing description is only an overview of the present application, and is intended to be implemented in accordance with the teachings of the present application, as well as the preferred embodiments thereof, together with the following detailed description of the application, given by way of illustration only, together with the accompanying drawings.
Drawings
FIG. 1 is a flowchart of a computer program executed by a security control system of an industrial control device according to a first embodiment of the present application;
fig. 2 is a flowchart of an executing computer program of a safety prevention and control system of an industrial control device according to a second embodiment of the present application;
fig. 3 is a flowchart of an executing computer program of a safety prevention and control system of an industrial control device according to a third embodiment of the present application.
Detailed Description
In order to further describe the technical means and effects adopted by the present application to achieve the preset purposes, the following detailed description refers to the specific implementation of a data processing system for monitoring abnormal flow and the effects thereof according to the present application with reference to the accompanying drawings and the preferred embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
The first embodiment provides a safety prevention and control system for industrial control equipment, the system includes: the industrial control flow information set corresponding to the target industrial control device, the processor and the memory storing the computer program, when the computer program is executed by the processor, the following steps are realized, as shown in fig. 1:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i And i= … … m, wherein m is the number of the first industrial control flow corresponding to the target industrial control equipment.
Specifically, the target industrial control device is an industrial control device to be monitored, which is preset by a user, that is, the industrial control device is an industrial control computer.
Specifically, the industrial control flow information set includes industrial control flow information corresponding to a plurality of target industrial control devices, where each industrial control flow information includes an industrial control flow size corresponding to the target industrial control device and a transmission duration of the industrial control flow corresponding to the target industrial control device, which can be understood as: and the sum of the time length of the industrial control flow sent to the flow monitoring system and the time length of the feedback information received by the flow monitoring system.
Further, the first industrial control flow is an industrial control flow with a flow size difference between abnormal heartbeat packet sizes corresponding to the target industrial control equipment not larger than a preset flow size difference threshold value.
S120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
s140 of the process of the present application, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 Is a preset duration threshold.
S160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j For the j-th first time period, j= … … n, n being the number of first time periods.
Specifically, C j =[C j1 ,C j2 ) Wherein C j1 Is C j Corresponding minimum value, C j2 Is C j Corresponding maximum value.
Further, C j2 And C (j-1)1 Equal.
Specifically, the step S140 further includes the following steps:
s1401, when |A '- ΔA' | > ΔA 0 ' at this time, a first critical duration interval ΔC is acquired 0 =[ΔC 0 1 ,ΔC 0 2 ]Wherein ΔC 0 1 For the minimum sum deltac of the first critical duration interval 0 2 Is the maximum value of the first critical duration interval.
Further, ΔC 0 1 Meets the following conditions:
ΔC 0 1 =min(A i ×m/∑ m i=1 A i )。
further, ΔC 0 2 Meets the following conditions:
ΔC 0 2 =max(A i ×m/∑ m i=1 A i )。
s1403 to DeltaC 0 Processing to generate delta C 0 Corresponding second key duration list C 0 ={C 0 1 ,……,C 0 y ,……,C 0 q },C 0 y For the y-th second key duration, y= … … q, q being the second key duration number.
Further, q meets the following conditions:
q=n-2。
further, C 0 y Meets the following conditions:
C 0 y =y×(ΔC 0 2 -ΔC 0 1 )/(n-2)。
s1405 according to DeltaC 0 1 、ΔC 0 2 And C 0 Obtaining a third key duration list C' = { deltaC 0 1 ,C 0 1 ,……,C 0 y ,……,C 0 q ,ΔC 0 2 }。
S1407, generating C according to the C'; it can be understood that: any two adjacent third critical time periods in the C' are constructed into a first time period.
Further, Δa' meets the following conditions:
wherein A is 0 α And for the transmission duration of the alpha-th target abnormal heartbeat packet in the target abnormal heartbeat packet list, alpha= … … β, wherein β is the number of the target abnormal heartbeat packets in the target abnormal heartbeat packet list.
Above-mentioned, through the maximum parameter value and the minimum parameter value of the transmission time of flow, confirm the duration interval of outflow, confirm the unusual flow according to the flow size change in duration interval to send according to different transmission time in order to avoid the unusual flow identification of the safety prevention and control of industrial control equipment, improved the security of industrial control equipment.
S180, determining abnormal flow corresponding to the target industrial control equipment according to the C.
Specifically, the step S180 further includes the following steps:
s1801, acquisition ofInitial traffic size list q= { Q corresponding to a 1 ,……,Q i ,……,Q m },Q i Is A i Corresponding initial flow size.
S1803, processing the initial flow corresponding to A according to each first time-length interval corresponding to C to obtain a key flow set Q corresponding to C 0 ={Q 0 1 ,……,Q 0 j ,……,Q 0 n },Q 0 j ={Q 0 j1 ,……,Q 0 jr ,……Q 0 js(j) },Q 0 jr Is C j The size of the r-th critical flow in the system, r= … … s (j), s (j) is C j Critical amount of traffic in.
S1805 according to Q 0 Acquiring Q 0 Corresponding flow difference DeltaQ 0 ={ΔQ 0 1 ,……,ΔQ 0 j ,……,ΔQ 0 n },ΔQ 0 j Is Q 0 j Corresponding flow differences.
Further, deltaQ 0 j Meets the following conditions:
s1807, when DeltaQ 0 j When < DeltaQ, deltaQ is determined 0 j The corresponding first industrial control flow is abnormal flow, wherein DeltaQ is a preset flow difference threshold.
S1809, when DeltaQ 0 j When the value is more than or equal to the delta Q, the delta Q is determined 0 j The corresponding first industrial control flow is non-abnormal flow.
The first embodiment provides a safety prevention and control system for an industrial control device, where the system includes an industrial control flow information set corresponding to a target industrial control device, a processor, and a memory storing a computer program, where when the computer program is executed by the processor, the following steps are implemented: acquiring a first flow time list from the industrial control flow information set, and acquiring a first transmission duration parameter corresponding to the first flow time list according to the first flow time list so as to determine abnormal flow according to the first transmission duration parameter; according to the method, the abnormal flow can be determined according to the transmission time of the flow, and then the abnormal flow which is transmitted according to different transmission times to avoid the safety control of the industrial control equipment is identified, so that the safety of the industrial control equipment is improved.
Example two
The second embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by the processor, the system further implements the following steps, as shown in fig. 2:
s200, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring the second industrial control flow list and B= { B in a preset time period T 1 ,……,B x ,……,B p Second transmission time length list B corresponding to B 0 ={B 0 1 ,……,B 0 x ,……,B 0 p }, wherein B is x For the xth second industrial control flow, B 0 x Is B x And corresponding second transmission duration, wherein x= … … p, and p is the second industrial control flow quantity.
Specifically, the method for determining the abnormal flow in step S200 may refer to steps S100 to S180 in the first embodiment, and will not be described herein.
Specifically, the second industrial control flow is the industrial control flow which is consistent with the preset abnormal heartbeat packet in size.
Specifically, the second transmission duration is a transmission duration corresponding to the second industrial control flow.
S220, according to B 0 And determining a first abnormal flow setting measure so that an abnormal heartbeat packet identification measure is generated based on the first abnormal flow setting measure.
Specifically, the step S220 further includes the following steps:
s2201, according to B 0 Acquisition of B 0 Corresponding intermediate duration interval list d= { D 1 ,……,D v ,……,D w },D v =[D v1 ,D v2 ),D v1 Is B 0 The lower limit value D of the corresponding v-th middle duration interval v2 Is B 0 The upper limit value of the corresponding v-th middle duration interval; it can be understood that: b (B) 0 The adjacent two second transmission time periods are constructed into any middle time period, wherein v= … … w, w is B 0 Corresponding number of intermediate duration intervals.
S2203 according to B 0 Acquisition of B 0 Corresponding first intermediate transmission duration set D 0 ={D 0 1 ,……,D 0 v ,……,D 0 w },D 0 v For D v A corresponding first list of intermediate transmission durations.
Further, the first intermediate transmission duration number λ in each first intermediate transmission duration list, where λ meets the following condition:
λ=T/T 0 ×p,T 0 and presetting transmission time length for the abnormal heartbeat packet.
Further, in step S2203, the method further includes the following steps:
s10, acquiring an intermediate time difference delta B corresponding to B according to the B, wherein the delta B meets the following conditions:
ΔB=(∑ n x=1 (B 0 x- B 0 x-1 ))/(x-1)。
s30, when |D v2 -D v1 When the I is less than or equal to delta B, generating
For D 0 v η= … … λ.
Further, the method,
S50, when |D v2 -D v1 When I > DeltaB, generate
For D 0 v η= … … λ.
Further, the method comprises the steps of,
s2205, D 0 v Inserted into D v In (1) generating D v And a corresponding second intermediate transmission duration list.
S2207, the transmission time of the abnormal heartbeat packet is set according to each D v Setting a corresponding second intermediate transmission duration list to generate a first abnormal flow setting measure so as to generate an abnormal heartbeat packet identification measure based on the first abnormal flow setting measure; the abnormal heartbeat packet recognition measures are set by the person skilled in the art according to actual requirements, and are not described herein.
The second embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by a processor, the system further implements the following steps: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring a second industrial control flow list in a preset time period, and determining a first abnormal flow setting measure according to the second industrial control flow list so as to generate an abnormal heartbeat packet identification measure based on the first abnormal flow setting measure; it can be known that the application simulates the change rule of setting different transmission time lengths according to the second industrial control flow list so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, thereby being beneficial to the design and upgrading of the safety prevention and control system of the industrial control equipment and further improving the safety of the industrial control equipment.
Example III
The third embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by the processor, the system further implements the following steps, as shown in fig. 3:
s300, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set U= { U 1 ,……,U g ,……,U z },U g ={U g1 ,……,U ga ,……,U gk(g) },U gv For the a-th industrial control flow in the g-th industrial control flow list, g= … … z, z is the number of target flow lists, a= … … k (g), and k (g) is the number of industrial control flows in the g-th industrial control flow list and k (g) is not less than 2.
Specifically, the method for determining the abnormal flow in the step S300 may refer to the steps S100 to S180 in the first embodiment, and will not be described herein.
Specifically, in step S300, the industrial control flow may refer to the industrial control flow in the first embodiment, which is not described herein.
S320, determining a second abnormal flow setting measure according to the U, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
Specifically, the step S320 further includes the following steps:
s3201, acquiring a transmission time length list T= { T corresponding to U 1 ,……,T g ,……,T z },T g ={T g1 ,……,T ga ,……,T gk(g) },T ga Is U (U) ga Corresponding transmission duration.
Specifically, in step S3201, the transmission duration corresponding to the industrial control flow may refer to the transmission duration corresponding to the industrial control flow in the first embodiment, which is not described herein.
S3202, according to T, obtaining target time corresponding to TInter-interval set Δt= { Δt 1 ,……,
ΔT g ,……,ΔT z },ΔT g ={ΔT g1 ,……,ΔT gb ,……,ΔT gh },ΔT gb
Is T g The b-th target time interval in the corresponding target time interval list, b= … … h, where h is the target time interval.
Specifically, at T g Any target time interval in the corresponding target time interval list is adjacent U ga The time interval between corresponding transmission durations.
Specifically, h meets the following conditions:
h=k(g)-1。
s3203, according to the DeltaT, obtaining a target time difference list DeltaT corresponding to the DeltaT 0 ={ΔT 0 1 ,……,ΔT 0 g ,……,ΔT 0 z },ΔT 0 g Is delta T g A corresponding first target time parameter.
Specifically, deltaT 0 g Meets the following conditions:
wherein T is 0 And presetting transmission time length for the abnormal heartbeat packet.
S3204 according to DeltaT 0 Obtaining DeltaT 0 A corresponding second target time parameter deltat'.
Further, Δt' meets the following conditions:
s3205, when DeltaT' > DeltaG, obtaining a first intermediate industrial control flow set U 0 ={U 0 1 ,……,U 0 e ,……,U 0 f },U 0 e For the first intermediate industrial control flow list, e= … … f, f is the first intermediate industrial controlControlling the number of the flow lists; it can be understood that: the first intermediate industrial control flow list is an industrial control flow list when deltat' > deltag, wherein deltag is a preset time parameter threshold.
S3206, from U 0 And acquiring a first intermediate industrial control flow list which is used as a second intermediate industrial control flow list when the number of the first intermediate industrial control flows in any first intermediate industrial control flow list, which is consistent with the size of the abnormal heartbeat packet, is not smaller than a preset flow number threshold value.
S3207, according to the second intermediate industrial control flow list, setting the transmission time length of the abnormal heartbeat packet as a second abnormal flow setting measure, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure; the abnormal heartbeat packet recognition measures are set by the person skilled in the art according to actual requirements, and are not described herein.
Specifically, the step S3207 further includes the following steps:
s1, the maximum time interval delta U in any one of the second intermediate industrial control flow lists is calculated 0 max And a minimum time interval DeltaU 0 min
S3, when any one of the second intermediate industrial control flow lists corresponds to the key time interval difference delta U 0 When the maximum key time interval difference is reached, setting the transmission time length of the target abnormal flow and delta U 0 And the transmission duration of the corresponding second intermediate industrial control flow list is consistent.
Further, deltaU 0 Meets the following conditions:
ΔU 0 =(ΔU 0 max- ΔU 0 min )。
the third embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by a processor, the system further implements the following steps: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; it can be known that the application simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be beneficial to the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.
The present application is not limited to the above-mentioned embodiments, but is intended to be limited to the following embodiments, and any modifications, equivalents and modifications can be made to the above-mentioned embodiments without departing from the scope of the application.

Claims (7)

1. An industrial control device safety prevention and control system, the system comprising: the industrial control flow information set corresponding to the target industrial control equipment, a processor and a memory storing a computer program, when the computer program is executed by the processor, the following steps are realized:
s300, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set U= { U 1 ,……,U g ,……,U z },U g ={U g1 ,……,U ga ,……,U gk(g) },U gv For the a-th industrial control flow in the g-th industrial control flow list, g= … … z, z is the number of target flow lists, a= … … k (g), k (g) is the number of industrial control flows in the g-th industrial control flow list, and k (g) is not less than 2;
the step S300 is preceded by the following steps:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i For the time of the ith first industrial control flow, i= … … m, and m is the first industrial control flow quantity corresponding to the target industrial control equipment;
s120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
s140 of the process of the present application, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 A preset duration threshold value;
s160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j J= … … n for the j-th first time period, n being the number of first time periods;
s180, determining abnormal flow corresponding to the target industrial control equipment according to the C;
the step S180 further includes the steps of:
s1801, an initial flow size list Q= { Q corresponding to A is obtained 1 ,……,Q i ,……,Q m },Q i Is A i Corresponding initial flow size;
s1803, processing the initial flow corresponding to A according to each first time-length interval corresponding to C to obtain a key flow set Q corresponding to C 0 ={Q 0 1 ,……,Q 0 j ,……,Q 0 n },Q 0 j ={Q 0 j1 ,……,Q 0 jr ,……Q 0 js(j) },Q 0 jr Is C j The size of the r-th critical flow in the system, r= … … s (j), s (j) is C j Critical flow amount in;
s1805 according to Q 0 Acquiring Q 0 Corresponding flow difference DeltaQ 0 ={ΔQ 0 1 ,……,ΔQ 0 j ,……,ΔQ 0 n },ΔQ 0 j Is Q 0 j Corresponding flow differences;
s1807, when DeltaQ 0 j When < DeltaQ, deltaQ is determined 0 j The corresponding first industrial control flow is abnormal flow, wherein DeltaQ is a preset flow difference threshold;
s1809, when DeltaQ 0 j When the value is more than or equal to the delta Q, the delta Q is determined 0 j The corresponding first industrial control flow is non-abnormal flow;
s320, determining a second abnormal flow setting measure according to the U, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
2. The industrial control device safety prevention and control system according to claim 1, wherein the target industrial control device is an industrial control device to be monitored, which is preset by a user.
3. The industrial control device safety prevention and control system according to claim 1, wherein the industrial control flow information set comprises industrial control flow information corresponding to a plurality of target industrial control devices, and each industrial control flow information comprises an industrial control flow corresponding to the target industrial control device and a transmission duration of the industrial control flow corresponding to the target industrial control device.
4. The industrial control device safety prevention and control system according to claim 1, wherein in step S160, C j =[C j1 ,C j2 ) Wherein C j1 Is C j Corresponding minimum value, C j2 Is C j Corresponding maximum value.
5. The industrial control device safety prevention and control system of claim 4, wherein C j2 And C (j-1)1 Equal.
6. The industrial control device safety prevention and control system of claim 1, wherein Δq 0 j Compliance withThe following conditions were:
7. the industrial control device safety prevention and control system of claim 1, further comprising the steps of:
s3201, acquiring a transmission time length list T= { T corresponding to U 1 ,……,T g ,……,T z },T g ={T g1 ,……,T ga ,……,T gk(g) },T ga Is U (U) ga Corresponding transmission time length;
s3202, according to T, obtaining a target time interval set delta T= { delta T corresponding to T 1 ,……,ΔT g ,……,ΔT z },ΔT g ={ΔT g1 ,……,ΔT gb ,……,ΔT gh },ΔT gb Is T g B= … … h, h is the target time interval, in the corresponding target time interval list;
s3203, according to the DeltaT, obtaining a target time difference list DeltaT corresponding to the DeltaT 0 ={ΔT 0 1 ,……,ΔT 0 g ,……,ΔT 0 z },ΔT 0 g Is delta T g A corresponding first target time parameter;
s3204 according to DeltaT 0 Obtaining DeltaT 0 A corresponding second target time parameter Δt ', wherein Δt' meets the following conditions:
s3205, when DeltaT' > DeltaG, obtaining a first intermediate industrial control flow set U 0 ={U 0 1 ,……,U 0 e ,……,U 0 f },U 0 e For the first intermediate industrial controlThe flow list, e= … … f, f is the number of the first intermediate industrial control flow list, wherein Δg is a preset time parameter threshold;
s3206, from U 0 The method comprises the steps of obtaining a first intermediate industrial control flow list which is the same as an abnormal heartbeat packet in any first intermediate industrial control flow list in size and is not smaller than a preset flow quantity threshold value as a second intermediate industrial control flow list;
s3207, according to the second intermediate industrial control flow list, setting the transmission duration of the abnormal heartbeat packet as a second abnormal flow setting measure, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
CN202310119507.8A 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system Active CN116132170B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310119507.8A CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310119507.8A CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Publications (2)

Publication Number Publication Date
CN116132170A CN116132170A (en) 2023-05-16
CN116132170B true CN116132170B (en) 2023-09-29

Family

ID=86297167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310119507.8A Active CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Country Status (1)

Country Link
CN (1) CN116132170B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110519290A (en) * 2019-09-03 2019-11-29 南京中孚信息技术有限公司 Anomalous traffic detection method, device and electronic equipment
CN110784458A (en) * 2019-10-21 2020-02-11 新华三信息安全技术有限公司 Flow abnormity detection method and device and network equipment
CN112165471A (en) * 2020-09-22 2021-01-01 杭州安恒信息技术股份有限公司 Industrial control system flow abnormity detection method, device, equipment and medium
CN113992396A (en) * 2021-10-26 2022-01-28 深信服科技股份有限公司 Flow detection method and device, electronic equipment and storage medium
CN114157516A (en) * 2022-02-09 2022-03-08 北京搜狐新媒体信息技术有限公司 Flow detection method and device, electronic equipment and computer storage medium
WO2022139642A1 (en) * 2020-12-22 2022-06-30 Telefonaktiebolaget Lm Ericsson (Publ) Device, method, and system for supporting botnet traffic detection
CN114944957A (en) * 2022-06-06 2022-08-26 山东云天安全技术有限公司 Abnormal data detection method and device, computer equipment and storage medium
CN115001853A (en) * 2022-07-18 2022-09-02 山东云天安全技术有限公司 Abnormal data identification method and device, storage medium and computer equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110519290A (en) * 2019-09-03 2019-11-29 南京中孚信息技术有限公司 Anomalous traffic detection method, device and electronic equipment
CN110784458A (en) * 2019-10-21 2020-02-11 新华三信息安全技术有限公司 Flow abnormity detection method and device and network equipment
CN112165471A (en) * 2020-09-22 2021-01-01 杭州安恒信息技术股份有限公司 Industrial control system flow abnormity detection method, device, equipment and medium
WO2022139642A1 (en) * 2020-12-22 2022-06-30 Telefonaktiebolaget Lm Ericsson (Publ) Device, method, and system for supporting botnet traffic detection
CN113992396A (en) * 2021-10-26 2022-01-28 深信服科技股份有限公司 Flow detection method and device, electronic equipment and storage medium
CN114157516A (en) * 2022-02-09 2022-03-08 北京搜狐新媒体信息技术有限公司 Flow detection method and device, electronic equipment and computer storage medium
CN114944957A (en) * 2022-06-06 2022-08-26 山东云天安全技术有限公司 Abnormal data detection method and device, computer equipment and storage medium
CN115001853A (en) * 2022-07-18 2022-09-02 山东云天安全技术有限公司 Abnormal data identification method and device, storage medium and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于隐蔽异常流量的网络通信传输安全检测;张天;;信息与电脑(理论版)(第24期);第1-2页 *

Also Published As

Publication number Publication date
CN116132170A (en) 2023-05-16

Similar Documents

Publication Publication Date Title
CN116112380B (en) Industrial control safety control system based on abnormal flow
CN116112270B (en) Data processing system for determining abnormal flow
CN104978201A (en) Method and device for controlling automatic pop-up window display
CN109412852B (en) Alarm method, alarm device, computer equipment and storage medium
CN110780847B (en) Random number generation method, random number generation device and electronic equipment
JP2005520466A5 (en)
CN108777805B (en) Detection method and device for illegal access request, central control server and system
CN116132170B (en) Industrial control equipment safety prevention and control system
CN109583161B (en) Information processing method and device and storage medium
JP2020526849A (en) Blockchain monitoring
CN1206880C (en) Communications system
TW201308097A (en) Method for smoothing the workload of a server
CN111651170A (en) Instance dynamic adjustment method and device and related equipment
US8245918B2 (en) Method and system for random data access for security applications
CN111179508A (en) Charging method and system
CN110855660B (en) Power industry network management system based on virtual link
EP3771978B1 (en) Information processing apparatus
CN103312621A (en) Flow control system and flow control method
CN108737086A (en) System and method for reducing network safety event using intelligent password management
CN115238277A (en) Safety protection system of network information
CN111475223B (en) Management method and device for information reminding
CN114443608A (en) Distributed file storage and download method, device, equipment and medium
JP6833143B2 (en) ECU, monitoring ECU and CAN system
CN112989406A (en) Information processing method, device, equipment and storage medium
CN107483883B (en) Intelligent data interaction method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant