CN116208373A - Message filtering configuration method, device, electronic equipment and medium - Google Patents

Message filtering configuration method, device, electronic equipment and medium Download PDF

Info

Publication number
CN116208373A
CN116208373A CN202211722253.0A CN202211722253A CN116208373A CN 116208373 A CN116208373 A CN 116208373A CN 202211722253 A CN202211722253 A CN 202211722253A CN 116208373 A CN116208373 A CN 116208373A
Authority
CN
China
Prior art keywords
information
point location
message
location information
message filtering
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211722253.0A
Other languages
Chinese (zh)
Inventor
刘浩岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202211722253.0A priority Critical patent/CN116208373A/en
Publication of CN116208373A publication Critical patent/CN116208373A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application belongs to the technical field of communication and discloses a method, a device, electronic equipment and a medium for message filtering configuration, wherein the method comprises the steps of acquiring equipment point location information sets stored by industrial control equipment, wherein the equipment point location information sets are sets of equipment point location information of a plurality of industrial equipment; extracting a plurality of key word information in the point location information of each device in the point location information set of the device; and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device. Thus, when the message filtering configuration is carried out, the labor cost and the time cost of the message filtering configuration are reduced, and the accuracy of the message filtering configuration is improved.

Description

Message filtering configuration method, device, electronic equipment and medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, an electronic device, and a medium for message filtering configuration.
Background
The industrial firewall is mainly applied to the field of industrial control safety, has the safety function of the traditional firewall and the analysis and filtering functions of an industrial communication protocol, and can block illegal instructions and intercept messages of the non-industrial control protocol by adopting a deep packet detection technology and an application layer communication tracking technology aiming at the industrial protocol so as to protect the network safety of industrial equipment. For example, the industrial device can be a programmable logic controller (Programmable Logic Controller, PLC).
Under the traditional technology, a manual configuration mode is generally adopted, and message filtering configuration is carried out in industrial firewall equipment based on equipment point location information of each industrial equipment so as to protect network security of the industrial equipment at each equipment point location. Wherein different points are used to identify different industrial devices.
However, in a medium-large industrial network environment, message filtering configuration needs to be performed on mass industrial equipment, the manpower and time cost of the message filtering configuration is high, and the problem of missed configuration is easy to exist.
Disclosure of Invention
The embodiment of the application aims to provide a method, a device, electronic equipment and a medium for message filtering configuration, which are used for reducing the labor cost and the time cost of the message filtering configuration and improving the configuration accuracy when the message filtering configuration is carried out.
In one aspect, a method for message filtering configuration is provided, which is applied to industrial firewall equipment, and includes:
acquiring a device point location information set stored by industrial control equipment, wherein the device point location information set is a set of device point location information of a plurality of industrial devices;
extracting a plurality of key word information in the point location information of each device in the point location information set of the device;
and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device.
In one embodiment, the method further comprises:
when the target message to be detected is determined to be received, extracting message information of the target message;
detecting the message information of the target message according to the message filtering strategy information;
if the detection result is that the detection is passed, forwarding the target message, otherwise, discarding the target message.
In one embodiment, the device point location information includes at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value.
In one embodiment, generating message filtering policy information for filtering a message according to a plurality of keyword information in point location information of each device includes:
standard field information corresponding to each keyword information is obtained;
and generating message filtering strategy information according to the standard field information.
In one embodiment, the method further comprises:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
In one aspect, an apparatus for message filtering configuration is provided, which is applied to an industrial firewall device, and includes:
the device comprises an acquisition unit, a control unit and a control unit, wherein the acquisition unit is used for acquiring a device point location information set stored by industrial control equipment, and the device point location information set is a set of device point location information of a plurality of industrial devices;
the extraction unit is used for extracting a plurality of keyword information in the point location information of each device in the point location information set of the device;
and the generating unit is used for generating message filtering strategy information for filtering the messages according to the plurality of keyword information in the point location information of each device.
In one embodiment, the generating unit is further configured to:
when the target message to be detected is determined to be received, extracting message information of the target message;
detecting the message information of the target message according to the message filtering strategy information;
if the detection result is that the detection is passed, forwarding the target message, otherwise, discarding the target message.
In one embodiment, the device point location information includes at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value.
In one embodiment, the generating unit is configured to:
standard field information corresponding to each keyword information is obtained;
and generating message filtering strategy information according to the standard field information.
In one embodiment, the generating unit is further configured to:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
In one aspect, an electronic device is provided that includes a processor and a memory storing computer readable instructions that, when executed by the processor, perform the steps of a method as provided in various alternative implementations of any of the message filtering arrangements described above.
In one aspect, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, performs the steps of a method as provided in various alternative implementations of any of the above-described message filtering arrangements.
In one aspect, a computer program product is provided which, when run on a computer, causes the computer to perform the steps of the method provided in various alternative implementations of any of the message filtering arrangements described above.
In the method, the device, the electronic equipment and the medium for message filtering configuration provided by the embodiment of the application, the equipment point location information set stored by the industrial control equipment is obtained, wherein the equipment point location information set is a set of equipment point location information of a plurality of industrial equipment; extracting a plurality of key word information in the point location information of each device in the point location information set of the device; and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device. Thus, when the message filtering configuration is carried out, the labor cost and the time cost of the message filtering configuration are reduced, and the accuracy of the message filtering configuration is improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a method for message filtering configuration provided in an embodiment of the present application;
FIG. 2 is a flowchart of a method for filtering messages according to an embodiment of the present application;
fig. 3 is a block diagram of a device for message filtering configuration according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Some of the terms referred to in the embodiments of the present application will be described first to facilitate understanding by those skilled in the art.
Terminal equipment: the mobile terminal, stationary terminal or portable terminal may be, for example, a mobile handset, a site, a unit, a device, a multimedia computer, a multimedia tablet, an internet node, a communicator, a desktop computer, a laptop computer, a notebook computer, a netbook computer, a tablet computer, a personal communications system device, a personal navigation device, a personal digital assistant, an audio/video player, a digital camera/camcorder, a positioning device, a television receiver, a radio broadcast receiver, an electronic book device, a game device, or any combination thereof, including the accessories and peripherals of these devices, or any combination thereof. It is also contemplated that the terminal device can support any type of interface (e.g., wearable device) for the user, etc.
And (3) a server: the cloud server can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and can also be a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, basic cloud computing services such as big data and artificial intelligent platforms and the like.
In order to reduce the labor cost and the time cost of the message filtering configuration and improve the configuration accuracy when the message filtering configuration is carried out, the embodiment of the application provides a method, a device, electronic equipment and a medium for the message filtering configuration.
In this embodiment of the present application, the execution body may be an industrial firewall device, and the industrial firewall device may be a server or a terminal device.
An application scenario comprises a terminal device, an industrial firewall device and an industrial device set. The industrial equipment set includes industrial control equipment and a plurality of industrial equipment. Alternatively, the industrial device may be a PLC device.
The industrial control device stores a device point location information set, which is a set of device point location information of each industrial device. And importing the equipment point location information set in the industrial control equipment into industrial firewall equipment. The industrial firewall equipment adopts a message filtering configuration method, and automatically generates message filtering strategy information based on the equipment point position information set, so that when a message sent to any industrial equipment by the terminal equipment is received, the message is detected through the message filtering strategy information, if the detection is passed, the message is sent and forwarded to the industrial equipment, and otherwise, the message is discarded.
A specific implementation flow of the above method of filtering configuration is described below with reference to fig. 1. Referring to fig. 1, a flowchart of a method for message filtering configuration provided in an embodiment of the present application is shown, where a specific implementation flow of the method is as follows:
step 100: acquiring a device point location information set stored by industrial control equipment, wherein the device point location information set is a set of device point location information of a plurality of industrial devices; step 101: extracting a plurality of key word information in the point location information of each device in the point location information set of the device; step 102: and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device.
The industrial control software (e.g., PLC control software) of the industrial control device stores a set of device point location information of each industrial device, that is, a set of device point location information, so as to reduce the labor cost and the time cost for performing message filtering configuration on each industrial device, and directly import the set of device point location information stored in the industrial control device into the industrial firewall device. In one embodiment, the device point location information set in the industrial control software of the industrial control device is exported to the local site, and then the local device point location information set is imported to the import industrial firewall device.
Alternatively, the set of device point location information may be a TAG (TAG) point table. The device point location information may include, but is not limited to, at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value. The point location name is the name of the industrial equipment. The read-write operation is a read operation and a write operation for the industrial device. The point location value is used to identify the industrial device. The point location address is the network address of the industrial device. In practical application, the device point location information may be set according to a practical application scenario, which is not limited herein.
Specifically, when step 100 is performed, the following steps may be adopted:
s1001: and sending a point location information request to the industrial control equipment.
S1002: and receiving a device point location information set returned by the industrial control device based on the point location information request.
Further, the device point location information set in the industrial control device may be imported into the industrial firewall device by copying, which is not limited herein.
In order to accurately extract the plurality of keyword information in the point location information of each device, the implementation process of step 101 may adopt any of the following modes:
mode one: and obtaining matched keyword information in the point location information of each device by adopting a keyword matching mode.
And secondly, extracting key word information in the point location information of each device by adopting a regular expression mode.
As one example, each keyword information includes a key field and its corresponding parameter value. For example, the key fields and the corresponding parameter values thereof are in turn: point name: industrial equipment AA.
Thus, keyword information in the device point location information can be acquired.
It should be noted that, there may be a large difference in expression of terms in the device point location information sets in the industrial control devices of different manufacturers. For example, in a certain TAG point table, the point name (key field) of the industrial equipment is represented by chinese, and in another TAG point table, the point name of the industrial equipment is represented by english simple spelling. For this purpose, keyword information of the point location information of each device may be standardized (i.e., unified by word). Specifically, the implementation procedure of step 102 may include:
s1021: and obtaining standard field information corresponding to each keyword information.
Specifically, the implementation process of S1021 may adopt any of the following modes:
mode one: and determining a standard field matched with the key field in each keyword information by adopting a field matching mode, and taking the field value of the key field in the keyword information as the field value of the standard field matched with the key field to obtain standard field information.
Mode 2: according to the preset field corresponding relation, standard fields corresponding to the key fields in the keyword information are obtained, and the field values of the key fields in the keyword information are used as the field values of the standard fields corresponding to the key fields, so that standard field information is obtained.
Thus, the keyword information can be unified.
S1022: and generating message filtering strategy information according to the standard field information.
Specifically, corresponding message filtering conditions are generated for each standard field information respectively, and message filtering strategy information is obtained based on the message filtering conditions corresponding to each standard field information.
In one embodiment, a point white list may be generated according to the message filtering conditions corresponding to the standard field information, and the point white list may be used as the configured message filtering policy information. The point white list is used for screening the messages which accord with the message passing conditions.
For example, because the formats of the TAG point tables in the PLC control software are different, an administrator generally needs to set the corresponding relationship between the point name, the read-write operation, the point address, the point data type and the point value in the TAG point table, the point name, the read-write operation, the point address, the data type and the point value in the industrial firewall device according to the actual situation after the TAG point table in the PLC control software is imported into the industrial firewall, and after the setting is completed, the industrial firewall can generate a point whitelist table according to the TAG point table information and also can be called as a data dictionary.
Optionally, the message filtering condition may be manually configured, may be included in the standard field information, or may be generated based on each standard field information according to the message filtering rule.
As one example, target standard field information of industrial equipment that does not need access filtering is screened out from the standard field information, and the target standard field information is added to the dot whitelist. Thus, if it is determined that the destination device accessed by the message does not need to perform message filtering according to the target standard field information, the message is detected to pass.
As another example, the standard field information further includes a read-write permission, and if the specified industrial device does not allow the write operation, the generated message filtering condition is: messages for write operations are filtered.
As another example, if the message filtering rule indicates that the industrial device with the specified point address interval does not allow access, the generated message filtering condition is that, for the industrial device with the point address located in the specified point address interval: all messages that access the industrial equipment are filtered.
In practical application, the generating manner and the specific content of the point whitelist table can be set according to the practical application scene, which is not limited herein.
After the message filtering configuration is performed, message filtering can be performed.
The following describes a specific implementation flow of the method for filtering a message with reference to fig. 2. Referring to fig. 2, a flowchart of a method for filtering a message is shown, where the specific implementation flow of the method may include:
step 200: when the target message to be detected is determined to be received, extracting message information of the target message; step 201: detecting the message information of the target message according to the message filtering strategy information; step 202: and judging whether the detection is passed or not according to the detection result, if so, executing step 203, otherwise, executing step 204. Step 203: and forwarding the target message. Step 204: the target message is discarded.
Furthermore, the message filtering strategy information can be dynamically adjusted according to actual requirements. Specifically, the implementation process of adjusting the message filtering policy information may include:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
As one example, a set of device point location information (e.g., TAG point tables) in industrial control software (e.g., PLC control software) of an industrial control device is exported into an industrial firewall device. The industrial firewall equipment extracts key word information of the point location information of each equipment in the point location information set of the equipment, normalizes the key word information to obtain unified standard field information, and establishes association relations between the filtering conditions of each message set by an administrator and the standard field information to obtain the filtering strategy information of the message.
After the configuration of the message filtering strategy information is completed, when the terminal equipment sends the target message to a certain industrial equipment through the industrial firewall equipment, the industrial firewall equipment can extract the message information (such as the point location address of the accessed industrial equipment) of the target message and directly reference the configured message filtering strategy information, and according to the message information, the message filtering conditions respectively corresponding to each target message are determined, if the message information of a certain target message is determined to be in accordance with the message filtering conditions, the target message is determined to pass through detection and release, otherwise, the target message is discarded.
Under the traditional technology, manual configuration is generally needed to configure each keyword information in the equipment point location information of each industrial equipment into the industrial firewall equipment one by one, when the industrial equipment is more, the data size needed to be configured is larger, a great deal of labor cost and time cost are consumed, and an administrator is difficult to ensure the quality of the configured data, so that the problem of configuration omission possibly exists. In the embodiment of the application, the device point location information set in the industrial control device can be directly imported, standardized processing is carried out on the device point location information in the device point location information set, message filtering strategy information is automatically generated to carry out message filtering, multiplexing and compatibility of the device point location information sets with different contents for different manufacturers are achieved, configuration work of configuration personnel is greatly reduced, configuration efficiency and network safety are improved, data of the message filtering strategy information are visual, real-time dynamic adjustment can be carried out according to actual requirements, complicated operation of configuration adjustment is simplified, maintenance cost is reduced, and configuration adjustment efficiency and user experience are improved.
Based on the same inventive concept, the embodiment of the present application further provides a device for message filtering configuration, and because the principle of solving the problem by the device and the equipment is similar to that of a method for message filtering configuration, the implementation of the device can refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 3, the block diagram of an apparatus for message filtering configuration according to an embodiment of the present application includes:
an acquiring unit 301, configured to acquire a set of device point location information stored by an industrial control device, where the set of device point location information is a set of device point location information of a plurality of industrial devices;
an extracting unit 302, configured to extract a plurality of keyword information in each device point location information in the device point location information set;
the generating unit 303 is configured to generate message filtering policy information for filtering a message according to a plurality of keyword information in the point location information of each device.
In one embodiment, the generating unit 303 is further configured to:
when the target message to be detected is determined to be received, extracting message information of the target message;
detecting the message information of the target message according to the message filtering strategy information;
if the detection result is that the detection is passed, forwarding the target message, otherwise, discarding the target message.
In one embodiment, the device point location information includes at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value.
In one embodiment, the generating unit 303 is configured to:
standard field information corresponding to each keyword information is obtained;
and generating message filtering strategy information according to the standard field information.
In one embodiment, the generating unit 303 is further configured to:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
In the method, the device, the electronic equipment and the medium for message filtering configuration provided by the embodiment of the application, the equipment point location information set stored by the industrial control equipment is obtained, wherein the equipment point location information set is a set of equipment point location information of a plurality of industrial equipment; extracting a plurality of key word information in the point location information of each device in the point location information set of the device; and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device. Thus, when the message filtering configuration is carried out, the labor cost and the time cost of the message filtering configuration are reduced, and the accuracy of the message filtering configuration is improved.
Fig. 4 shows a schematic structural diagram of an electronic device 4000. Referring to fig. 4, an electronic device 4000 includes: the processor 4010 and the memory 4020, and may optionally include a power supply 4030, a display unit 4040, and an input unit 4050.
The processor 4010 is a control center of the electronic device 4000, connects the respective components using various interfaces and lines, and performs various functions of the electronic device 4000 by running or executing software programs and/or data stored in the memory 4020, thereby performing overall monitoring of the electronic device 4000.
In the embodiment of the present application, the processor 4010 executes the steps in the above embodiment when calling the computer program stored in the memory 4020.
Optionally, the processor 4010 may comprise one or more processing units; preferably, the processor 4010 may integrate an application processor and a modem processor, wherein the application processor mainly handles an operating system, a user interface, an application, etc., and the modem processor mainly handles wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 4010. In some embodiments, the processor, memory, may be implemented on a single chip, and in some embodiments, they may be implemented separately on separate chips.
The memory 4020 may mainly include a storage program area that may store an operating system, various applications, and the like, and a storage data area; the storage data area may store data created according to the use of the electronic device 4000, and the like. In addition, the memory 4020 may include high-speed random access memory, and may also include nonvolatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device, and the like.
The electronic device 4000 further includes a power supply 4030 (e.g., a battery) for powering the various components that can be logically coupled to the processor 4010 via a power management system to facilitate management of charge, discharge, and power consumption via the power management system.
The display unit 4040 may be used to display information input by a user or information provided to the user, various menus of the electronic device 4000, and the like, and is mainly used to display a display interface of each application in the electronic device 4000 and objects such as text and pictures displayed in the display interface in the embodiment of the present invention. The display unit 4040 may include a display panel 4041. The display panel 4041 may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an Organic Light-Emitting Diode (OLED), or the like.
The input unit 4050 may be used to receive information such as numbers or characters entered by a user. The input unit 4050 may include a touch panel 4051 and other input devices 4052. Wherein the touch panel 4051, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 4051 or thereabout using any suitable object or accessory such as a finger, stylus, etc.).
Specifically, the touch panel 4051 may detect a touch operation by a user, detect a signal resulting from the touch operation, convert the signal into a touch point coordinate, send the touch point coordinate to the processor 4010, and receive and execute a command sent from the processor 4010. In addition, the touch panel 4051 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. Other input devices 4052 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, on-off keys, etc.), a trackball, mouse, joystick, etc.
Of course, the touch panel 4051 may overlay the display panel 4041, and when the touch panel 4051 detects a touch operation thereon or thereabout, it is passed to the processor 4010 to determine the type of touch event, and the processor 4010 then provides a corresponding visual output on the display panel 4041 in accordance with the type of touch event. Although in fig. 4, the touch panel 4051 and the display panel 4041 are implemented as two separate components to implement the input and output functions of the electronic device 4000, in some embodiments, the touch panel 4051 may be integrated with the display panel 4041 to implement the input and output functions of the electronic device 4000.
The electronic device 4000 may also include one or more sensors, such as a pressure sensor, a gravitational acceleration sensor, a proximity light sensor, and the like. Of course, the electronic device 4000 may also include other components such as a camera, as needed in a specific application, and these components are not shown in fig. 4 and will not be described in detail since they are not the components that are important in the embodiments of the present application.
It will be appreciated by those skilled in the art that fig. 4 is merely an example of an electronic device and is not meant to be limiting, and that more or fewer components than shown may be included, or certain components may be combined, or different components may be included.
In an embodiment of the present application, a computer-readable storage medium has stored thereon a computer program that, when executed by a processor, enables a communication device to perform the steps of the above-described embodiments.
For convenience of description, the above parts are described as being functionally divided into modules (or units) respectively. Of course, the functions of each module (or unit) may be implemented in the same piece or pieces of software or hardware when implementing the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (12)

1. A method for message filtering configuration, applied to an industrial firewall device, comprising:
acquiring a device point location information set stored by industrial control equipment, wherein the device point location information set is a set of device point location information of a plurality of industrial devices;
extracting a plurality of key word information in the point location information of each device in the point location information set of the device;
and generating message filtering strategy information for filtering the message according to the plurality of keyword information in the point location information of each device.
2. The method of claim 1, wherein the method further comprises:
when the target message to be detected is determined to be received, extracting message information of the target message;
detecting the message information of the target message according to the message filtering strategy information;
if the detection result is that the detection is passed, forwarding the target message, otherwise, discarding the target message.
3. The method of claim 1 or 2, wherein the device point location information comprises at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value.
4. The method according to claim 1 or 2, wherein the generating the message filtering policy information for filtering the message according to the plurality of keyword information in the point location information of each device includes:
standard field information corresponding to each keyword information is obtained;
and generating the message filtering strategy information according to the standard field information.
5. The method of claim 1 or 2, wherein the method further comprises:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
6. An apparatus for message filtering configuration, applied to an industrial firewall device, comprising:
the device comprises an acquisition unit, a storage unit and a control unit, wherein the acquisition unit is used for acquiring a device point location information set stored by industrial control equipment, and the device point location information set is a set of device point location information of a plurality of industrial devices;
the extraction unit is used for extracting a plurality of keyword information in the point location information of each device in the point location information set of the device;
and the generating unit is used for generating message filtering strategy information for filtering the messages according to the plurality of keyword information in the point location information of each device.
7. The apparatus of claim 6, wherein the generating unit is further to:
when the target message to be detected is determined to be received, extracting message information of the target message;
detecting the message information of the target message according to the message filtering strategy information;
if the detection result is that the detection is passed, forwarding the target message, otherwise, discarding the target message.
8. The apparatus of claim 6 or 7, wherein the device point location information comprises at least one of the following parameters: the method comprises the steps of point location name, read-write operation, point location address, point location data type and point location value.
9. The apparatus of claim 6 or 7, wherein the generating unit is configured to:
standard field information corresponding to each keyword information is obtained;
and generating the message filtering strategy information according to the standard field information.
10. The apparatus of claim 6 or 7, wherein the generating unit is further configured to:
and when the strategy adjustment instruction is determined to be received, updating the message filtering strategy information according to the strategy adjustment instruction.
11. An electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-5.
12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, performs the method according to any of claims 1-5.
CN202211722253.0A 2022-12-30 2022-12-30 Message filtering configuration method, device, electronic equipment and medium Pending CN116208373A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211722253.0A CN116208373A (en) 2022-12-30 2022-12-30 Message filtering configuration method, device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211722253.0A CN116208373A (en) 2022-12-30 2022-12-30 Message filtering configuration method, device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN116208373A true CN116208373A (en) 2023-06-02

Family

ID=86512139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211722253.0A Pending CN116208373A (en) 2022-12-30 2022-12-30 Message filtering configuration method, device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN116208373A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102984170A (en) * 2012-12-11 2013-03-20 清华大学 System and method for safe filtering of industrial control network
CN110430159A (en) * 2019-06-20 2019-11-08 国网辽宁省电力有限公司信息通信分公司 A kind of excessive method for early warning of Platform Server firewall policy range of opening
CN111355740A (en) * 2020-03-09 2020-06-30 云南电网有限责任公司昆明供电局 Method for rapidly and conveniently detecting firewall configuration
CN112511524A (en) * 2020-11-24 2021-03-16 北京天融信网络安全技术有限公司 Access control policy configuration method and device
CN113364801A (en) * 2021-06-24 2021-09-07 深圳前海微众银行股份有限公司 Management method, system, terminal device and storage medium of network firewall policy
WO2021189826A1 (en) * 2020-09-02 2021-09-30 平安科技(深圳)有限公司 Message generation method and apparatus, electronic device, and computer-readable storage medium
CN113489701A (en) * 2021-06-29 2021-10-08 深信服科技股份有限公司 Firewall configuration method, system and equipment
CN114006819A (en) * 2021-11-03 2022-02-01 北京天融信网络安全技术有限公司 Detection strategy generation and device, and data transmission method and device
CN114598530A (en) * 2022-03-09 2022-06-07 上海中广核工程科技有限公司 Industrial control firewall white list rule matching method and device and related equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102984170A (en) * 2012-12-11 2013-03-20 清华大学 System and method for safe filtering of industrial control network
CN110430159A (en) * 2019-06-20 2019-11-08 国网辽宁省电力有限公司信息通信分公司 A kind of excessive method for early warning of Platform Server firewall policy range of opening
CN111355740A (en) * 2020-03-09 2020-06-30 云南电网有限责任公司昆明供电局 Method for rapidly and conveniently detecting firewall configuration
WO2021189826A1 (en) * 2020-09-02 2021-09-30 平安科技(深圳)有限公司 Message generation method and apparatus, electronic device, and computer-readable storage medium
CN112511524A (en) * 2020-11-24 2021-03-16 北京天融信网络安全技术有限公司 Access control policy configuration method and device
CN113364801A (en) * 2021-06-24 2021-09-07 深圳前海微众银行股份有限公司 Management method, system, terminal device and storage medium of network firewall policy
CN113489701A (en) * 2021-06-29 2021-10-08 深信服科技股份有限公司 Firewall configuration method, system and equipment
CN114006819A (en) * 2021-11-03 2022-02-01 北京天融信网络安全技术有限公司 Detection strategy generation and device, and data transmission method and device
CN114598530A (en) * 2022-03-09 2022-06-07 上海中广核工程科技有限公司 Industrial control firewall white list rule matching method and device and related equipment

Similar Documents

Publication Publication Date Title
US10237295B2 (en) Automated event ID field analysis on heterogeneous logs
CN107741937B (en) Data query method and device
CN105900466B (en) Message processing method and device
US10122839B1 (en) Techniques for enhancing content on a mobile device
US20160241589A1 (en) Method and apparatus for identifying malicious website
EP3493112B1 (en) Image processing method, computer device, and computer readable storage medium
CN115150261B (en) Alarm analysis method, device, electronic equipment and storage medium
CN116168038B (en) Image reproduction detection method and device, electronic equipment and storage medium
CN104866770A (en) Sensitive data scanning method and sensitive data scanning system
CN113157753A (en) Display method and device and electronic equipment
CN113609479A (en) File detection method and device, electronic equipment and readable storage medium
CN105550183A (en) Identifying method of identifying information in webpage and electronic device
WO2023216745A1 (en) Table reconstruction method and electronic device
JP2007188264A (en) Display control apparatus
WO2022253132A1 (en) Information display method and apparatus, and electronic device
CN116208373A (en) Message filtering configuration method, device, electronic equipment and medium
CN114238391A (en) Data paging query method and device, electronic equipment and storage medium
CN114265759A (en) Tracing method and system after data information leakage and electronic equipment
CN114398128A (en) Information display method and device
CN113535842A (en) Clue analysis method and system for importing compatibility data and readable storage medium
CN113705722B (en) Method, device, equipment and medium for identifying operating system version
CN107066420A (en) Search for the electronic equipment and method of data record
CN112698879A (en) Method and device for loading source file
CN115913782A (en) Message filtering configuration method and device, electronic equipment and medium
CN112287131A (en) Information interaction method and information interaction device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination