CN116800511A - Industrial control system network safety protection capability checking and evaluating system - Google Patents


Publication number
CN116800511A
CN116800511A CN202310825226.4A CN202310825226A CN116800511A CN 116800511 A CN116800511 A CN 116800511A CN 202310825226 A CN202310825226 A CN 202310825226A CN 116800511 A CN116800511 A CN 116800511A
Authority
CN
China
Prior art keywords
control system
industrial control
network
maintenance
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310825226.4A
Other languages
Chinese (zh)
Other versions
CN116800511B (en
Inventor
魏书山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shikong Shanghai Brand Planning Co ltd
Original Assignee
Guangdong Waner Technology Co ltd
Application filed by Guangdong Waner Technology Co ltd
Priority to CN202310825226.4A
Publication of CN116800511A
Application granted
Publication of CN116800511B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a system for checking and evaluating the network security protection capability of an industrial control system, which relates to the technical field of network security protection and comprises an industrial control system monitoring unit, a risk shielding unit, a risk protection unit, a twin industrial control system, a security protection sub-platform, a background operation and maintenance platform, a vulnerability repairing unit and a network security evaluating unit; the twin industrial control system consists of two identical industrial control systems, one of which is connected with the background operation and maintenance platform; the risk protection unit is used for constructing a safety firewall for the network safety of the operation and maintenance industrial control system; the industrial control system monitoring unit is used for carrying out safety protection monitoring on the operation and maintenance industrial control system. The application makes it possible to know the safety protection state of the operation and maintenance industrial control system in real time and to carry out timely strengthening and maintenance; because the capability of network attacks grows over time, the safety protection capability of the operation and maintenance industrial control system also needs to be strengthened.

Description

Industrial control system network safety protection capability checking and evaluating system
Technical Field
The application relates to the technical field of network safety protection, in particular to an industrial control system network safety protection capability checking and evaluating system.
Background
With the development of computer technology, communication technology and control technology, the traditional control field is undergoing an unprecedented revolution, and starts to develop towards networking, wherein the implementation of network security is also introduced in industrial control systems.
The prior art has the following defects: if a part of the industrial control system is damaged through the network during operation, the part is difficult to replace, which affects the normal operation and use of the industrial control system, and the system lacks good standby capability; moreover, network attacks grow stronger over time, and it is difficult to carry out technical maintenance and reinforcement of the security defense system according to the data.
Disclosure of Invention
The application aims to provide an industrial control system network security protection capability checking and evaluating system for solving the defects in the background technology.
In order to achieve the above object, the present application provides the following technical solution: the system comprises an industrial control system monitoring unit, a risk shielding unit, a risk protection unit, a twin industrial control system, a safety protection sub-platform, a background operation and maintenance platform, a vulnerability repairing unit and a network safety evaluation unit;
the twin industrial control system consists of two identical industrial control systems, one of which is connected with the background operation and maintenance platform and serves as the operation and maintenance industrial control system; the other serves as the standby industrial control system, and the operation and maintenance industrial control system transmits and backs up information to the standby industrial control system in real time;
the risk protection unit is used for constructing a safety firewall for the network safety of the operation and maintenance industrial control system to form a safety protection item;
the industrial control system monitoring unit is used for carrying out safety protection monitoring on the operation and maintenance industrial control system to form an operation and maintenance industrial control system management item;
the risk shielding unit is used for carrying out network security risk monitoring on the operation and maintenance industrial control system, forming a risk grade, and selecting to carry out risk shielding on the operation and maintenance industrial control system according to the risk grade;
the vulnerability repairing unit is used for carrying out network patrol on the network security of the operation and maintenance industrial control system, and searching for network security vulnerabilities to repair;
the network security assessment unit is used for collecting and assessing information of security protection feasibility of the operation and maintenance industrial control system;
the safety protection sub-platform is in data connection with the background operation and maintenance platform, and after the operation and maintenance industrial control system performs risk shielding, the safety protection sub-platform is connected with a network site in the operation and maintenance industrial control system, and risk is relieved for the network site.
In a preferred embodiment, the relationship of the twin industrial control system is established as follows:
the industrial control system is provided with a plurality of network sites, and the network sites in the operation and maintenance industrial control system and the standby industrial control system are in a parallel relation;
the synchronization frequency of data between the network sites in the operation and maintenance industrial control system and the standby industrial control system is set, and the network site data in the operation and maintenance industrial control system is stored into the corresponding network site of the standby industrial control system according to the set synchronization frequency;
synchronizing the data at the set frequency reduces the loss of data at the standby network site after a network site has been shielded because of a network attack, so that the standby industrial control system and the operation and maintenance industrial control system can replace each other smoothly.
In a preferred embodiment, the firewall is established by:
acquiring information of a coverage area of an operation and maintenance industrial control system and information of a network site, and constructing a first-level security firewall in the coverage area of the operation and maintenance industrial control system;
meanwhile, secondary security firewalls are built in one-to-one correspondence with the network sites in the operation and maintenance industrial control system, an area correspondence between the primary security firewall and the secondary security firewalls is established, and the primary security firewall and the secondary security firewalls are associated according to the position of the network attack.
In a preferred embodiment, the operation and maintenance industrial control system management item is formed in the following manner:
acquiring the working state of each network site in the operation and maintenance industrial control system, and carrying out safety monitoring on each single network site;
acquiring the network running state in the operation and maintenance industrial control system in real time; when a network attack occurs at the primary security firewall, the secondary security firewall corresponding to the network site is enabled, a security prevention and control alarm prompt is raised for the network site receiving the attack, and an operation and maintenance industrial control system management item is formed by combining the network attack received by the primary firewall.
In a preferred embodiment, the network attack intensity is divided as follows:
acquiring management item information of the operation and maintenance industrial control system, and grading the degree of the network attack according to the intensity of the network attack on the primary security firewall and the secondary security firewall, wherein the network attack intensity levels are respectively:
a general intensity level;
an advanced intensity level;
a serious intensity level;
when the network attack intensity is the general intensity level, the standby industrial control system is not started; when it is the advanced intensity level, the defending progress against the network attack is monitored in real time, and an auxiliary industrial control system is started when the level advances to the serious intensity level;
according to the network site under network attack in the operation and maintenance industrial control system, automatically switching to the network site in the standby industrial control system, and simultaneously automatically connecting the network site under network attack to the safety protection sub-platform.
In a preferred embodiment, the network patrol is performed by:
carrying out network security inspection on the operation and maintenance industrial control system in real time, marking dangerous network information, acquiring network attack characteristics to form a network attack characteristic library, forming protective measures according to the data of the network attack characteristic library, and inspecting the operation and maintenance industrial control system according to the protective measures and repairing vulnerabilities.
In a preferred embodiment, the safety protection feasibility evaluation mode of the operation and maintenance industrial control system is as follows:
obtaining the number of attacks on the primary security firewall and the secondary security firewall of the industrial control system, the strength of the network attacks and the positions where the network attacks occur, and then evaluating the security protection performance of the operation and maintenance industrial control system to obtain a security evaluation coefficient of the operation and maintenance industrial control system, wherein the calculation formula is as follows:
wherein ,for the safety evaluation coefficient of the operation and maintenance industrial control system, τ is the weight factor of the network attack between the primary safety firewall and the secondary safety firewall, ω is the weight factor of the network attack outside the primary safety firewall, n_y is the number of times a network attack of the general intensity level occurs, n_e is the number of times a network attack of the advanced intensity level occurs, and n_s is the number of times a network attack of the serious intensity level occurs; α, β and ε are respectively the network attack evaluation indexes of the general intensity level, the advanced intensity level and the serious intensity level.
In a preferred embodiment, τ < ω, α < β < ε, and when the security evaluation coefficient of the operation and maintenance industrial control system is smaller than the set security threshold, the maintenance of the primary security firewall and the secondary security firewall is enhanced.
The above technical solution has the following technical effects and advantages:
1. the application has a good shielding function: a shielded network site can be replaced in time, so that normal use of the industrial control system is not affected, and network attacks can be better defended against;
2. the application has a good function for monitoring the safety protection of the industrial control system: the safety protection state of the operation and maintenance industrial control system can be known in real time and timely strengthening and maintenance can be carried out; because the capability of network attacks grows over time, the safety protection capability of the operation and maintenance industrial control system also needs to be strengthened.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
Fig. 1 is a system block diagram of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Embodiment 1: referring to Fig. 1, the system for checking and evaluating the network security protection capability of the industrial control system according to the present embodiment includes an industrial control system monitoring unit, a risk shielding unit, a risk protection unit, a twin industrial control system, a security protection sub-platform, a background operation and maintenance platform, a vulnerability repairing unit, and a network security evaluation unit;
the twin industrial control system consists of two identical industrial control systems, one of which is connected with the background operation and maintenance platform and serves as the operation and maintenance industrial control system; the other serves as the standby industrial control system, and the operation and maintenance industrial control system transmits and backs up information to the standby industrial control system in real time;
the industrial control system is provided with a plurality of network sites, and the network sites in the operation and maintenance industrial control system and the standby industrial control system are in a parallel relation;
the synchronization frequency of data between the network sites in the operation and maintenance industrial control system and the standby industrial control system is set, and the network site data in the operation and maintenance industrial control system is stored into the corresponding network site of the standby industrial control system according to the set synchronization frequency;
synchronizing the data at the set frequency reduces the loss of data at the standby network site after a network site has been shielded because of a network attack, so that the standby industrial control system and the operation and maintenance industrial control system can replace each other smoothly;
the risk protection unit is used for constructing a safety firewall for the network safety of the operation and maintenance industrial control system to form a safety protection item;
acquiring information of a coverage area of an operation and maintenance industrial control system and information of a network site (a main body of equipment for transmitting and receiving information), and constructing a first-level security firewall in the coverage area of the operation and maintenance industrial control system;
meanwhile, secondary security firewalls are constructed in one-to-one correspondence with the network sites in the operation and maintenance industrial control system, a regional correspondence between the primary security firewall and the secondary security firewalls is established, and the primary security firewall is associated with the secondary security firewalls according to the network attack position, wherein one primary security firewall may be associated with a plurality of secondary security firewalls;
when the primary security firewall is not under network attack, the secondary security firewalls are in a standby state;
when the primary security firewall is under network attack, the associated secondary security firewalls are triggered to open according to the attacked position of the primary security firewall;
this ensures the safety protection effect on the industrial control system while reducing the operating load on the safety protection background operation and maintenance platform, gives better targeted protection, and greatly improves the operating efficiency of the system;
the industrial control system monitoring unit is used for carrying out safety protection monitoring on the operation and maintenance industrial control system to form an operation and maintenance industrial control system management item;
acquiring the working state of a network station in the operation and maintenance industrial control system, and carrying out safety monitoring on a single network station;
acquiring a network running state in the operation and maintenance industrial control system in real time, when network attack occurs in the primary security firewall, enabling a secondary security firewall corresponding to the network site, carrying out security prevention and control alarm prompt aiming at the network site receiving the attack, and forming an operation and maintenance industrial control system management item by combining the network attack received by the primary firewall;
the risk shielding unit is used for carrying out network security risk monitoring on the operation and maintenance industrial control system, forming a risk grade, and selecting to carry out risk shielding on the operation and maintenance industrial control system according to the risk grade;
acquiring management item information of the operation and maintenance industrial control system, and grading the degree of the network attack according to the intensity of the network attack on the primary security firewall and the secondary security firewall, wherein the network attack intensity levels are respectively:
the general intensity level (the defending strength of the primary security firewall and the secondary security firewall is greater than the network attack strength);
the advanced intensity level (the defending strength of the primary security firewall and the secondary security firewall is equal to the network attack strength);
the serious intensity level (the defending strength of the primary security firewall and the secondary security firewall is smaller than the network attack strength);
when the network attack intensity is the general intensity level, the standby industrial control system is not started; when it is the advanced intensity level, the defending progress against the network attack is monitored in real time, and an auxiliary industrial control system is started when the level advances to the serious intensity level; when it is the serious intensity level, an auxiliary industrial control system is started;
according to the network station under network attack in the operation and maintenance industrial control system, automatically switching to the network station in the standby industrial control system, and simultaneously automatically connecting the network station under network attack to the safety protection sub-platform;
the shielding function is better, the shielded network site can be replaced in time, the normal use of an industrial control system is prevented from being influenced, and meanwhile, the network attack can be well defended;
the vulnerability repairing unit is used for carrying out network patrol on the network security of the operation and maintenance industrial control system, and searching for network security vulnerabilities to repair;
carrying out network security inspection on the operation and maintenance industrial control system in real time, marking dangerous network information, acquiring network attack characteristics, forming a network attack characteristic library, and forming protective measures according to the data of the network attack characteristic library;
and carrying out inspection and maintenance on the operation and maintenance industrial control system according to the protective measures and carrying out bug repair.
Embodiment 2: referring to Fig. 1, the network security assessment unit is configured to collect and assess information about the security protection feasibility of the operation and maintenance industrial control system;
obtaining the number of attacks on the primary security firewall and the secondary security firewall of the industrial control system, the strength of the network attacks and the positions where the network attacks occur, and then evaluating the security protection performance of the operation and maintenance industrial control system to obtain a security evaluation coefficient of the operation and maintenance industrial control system, wherein the calculation formula is as follows:
wherein ,for the safety evaluation coefficient of the operation and maintenance industrial control system, τ is the weight factor of the network attack between the primary safety firewall and the secondary safety firewall, ω is the weight factor of the network attack outside the primary safety firewall, n_y is the number of times a network attack of the general intensity level occurs, n_e is the number of times a network attack of the advanced intensity level occurs, and n_s is the number of times a network attack of the serious intensity level occurs; α, β and ε are respectively the network attack evaluation indexes of the general intensity level, the advanced intensity level and the serious intensity level; note that the greater n_s, n_e and n_y are, the larger the value of the safety evaluation coefficient is and the worse the safety protection capability of the operation and maintenance industrial control system is; τ < ω and α < β < ε; when the safety evaluation coefficient of the operation and maintenance industrial control system is smaller than a set safety threshold, the protection performance of the firewall is enhanced and the safety evaluation coefficient of the operation and maintenance industrial control system is reduced;
the system has a good industrial control system safety protection monitoring function, can know the safety protection state of the operation and maintenance industrial control system in real time, and performs timely strengthening maintenance, and the network attack capacity is strengthened along with the development progress of the times, so that the safety protection capacity of the operation and maintenance industrial control system also needs to be strengthened;
the safety protection sub-platform is in data connection with the background operation and maintenance platform, and after the operation and maintenance industrial control system performs risk shielding, the safety protection sub-platform is connected with a network site in the operation and maintenance industrial control system, and risk is relieved for the network site;
the network site under network attack is connected to the safety protection sub-platform to eliminate network attack viruses; after its health state is recovered, the network site is restored as the network site in the standby industrial control system and is then disconnected from the safety protection sub-platform to await its next use; the operation and maintenance industrial control system and the standby industrial control system contain the same network sites, and the two identical network sites replace each other.
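The grading, secondary-firewall triggering, site switch-over and recovery described in embodiments 1 and 2, as an added Python example that is not part of the patent text. The class names, the copy labels "A"/"B", the integer strength values and the "no spare available" branch are assumptions made for illustration; the safety evaluation coefficient is not modelled because its formula is not reproduced on this page.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Intensity(Enum):
    GENERAL = "general"    # firewall defending strength > attack strength
    ADVANCED = "advanced"  # defending strength == attack strength
    SERIOUS = "serious"    # defending strength < attack strength


def grade(defence: int, attack: int) -> Intensity:
    """Grade an attack against the defending strength of the two firewall tiers."""
    if defence > attack:
        return Intensity.GENERAL
    if defence == attack:
        return Intensity.ADVANCED
    return Intensity.SERIOUS


@dataclass
class Site:
    """One network site that exists as two identical copies, "A" and "B" (assumed labels)."""
    name: str
    region: str                        # area of the primary firewall the site sits behind
    serving: str = "A"                 # copy currently acting as the operation and maintenance site
    quarantined: Optional[str] = None  # copy attached to the safety protection sub-platform
    secondary_fw_on: bool = False      # per-site firewall stays in standby until triggered

    def other(self) -> str:
        return "B" if self.serving == "A" else "A"


@dataclass
class TwinSystem:
    sites: Dict[str, Site]
    events: List[str] = field(default_factory=list)  # management items / alarms

    def on_primary_attack(self, region: str, defence: int,
                          attack: int) -> Tuple[Intensity, List[str]]:
        """Handle an attack seen at the primary firewall in one region.

        Returns the intensity level and the names of the sites switched to their twin.
        """
        level = grade(defence, attack)
        switched: List[str] = []
        for site in self.sites.values():
            if site.region != region:
                continue  # only secondary firewalls associated with the attacked area open
            site.secondary_fw_on = True
            self.events.append(f"ALARM {site.name} level={level.value}")
            if level is Intensity.ADVANCED:
                self.events.append(f"MONITOR {site.name}")  # watch the defence, no switch yet
            elif level is Intensity.SERIOUS:
                if site.quarantined is not None:
                    # Assumption: a twin that is still being cleaned cannot take over.
                    self.events.append(f"NO-SPARE {site.name}")
                    continue
                site.quarantined = site.serving  # attacked copy goes to the sub-platform
                site.serving = site.other()      # its twin takes over production
                switched.append(site.name)
                self.events.append(f"SWITCH {site.name} now={site.serving}")
        return level, switched

    def release(self, name: str) -> bool:
        """Sub-platform finished cleaning: the copy is disconnected and becomes the spare."""
        site = self.sites[name]
        if site.quarantined is None:
            return False
        self.events.append(f"RELEASE {name} spare={site.quarantined}")
        site.quarantined = None
        return True


def demo_system() -> TwinSystem:
    # Constructed sample topology: two sites behind region "north", one behind "south".
    return TwinSystem({
        "plc-1": Site("plc-1", "north"),
        "hmi-1": Site("hmi-1", "north"),
        "rtu-1": Site("rtu-1", "south"),
    })


if __name__ == "__main__":
    system = demo_system()
    system.on_primary_attack("north", defence=5, attack=3)
    system.on_primary_attack("north", defence=2, attack=7)
    system.release("plc-1")
    print("\n".join(system.events))
```

The "NO-SPARE" event marks the case the text leaves open: a second serious attack arriving before the quarantined twin has been cleaned and returned as the spare.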
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A system for checking and evaluating the network security protection capability of an industrial control system, characterized in that: the system comprises an industrial control system monitoring unit, a risk shielding unit, a risk protection unit, a twin industrial control system, a safety protection sub-platform, a background operation and maintenance platform, a vulnerability repairing unit and a network safety evaluation unit;
the twin industrial control system consists of two identical industrial control systems, one of which is connected with the background operation and maintenance platform and serves as the operation and maintenance industrial control system; the other serves as the standby industrial control system, and the operation and maintenance industrial control system transmits and backs up information to the standby industrial control system in real time;
the risk protection unit is used for constructing a safety firewall for the network safety of the operation and maintenance industrial control system to form a safety protection item;
the industrial control system monitoring unit is used for carrying out safety protection monitoring on the operation and maintenance industrial control system to form an operation and maintenance industrial control system management item;
the risk shielding unit is used for carrying out network security risk monitoring on the operation and maintenance industrial control system, forming a risk grade, and selecting to carry out risk shielding on the operation and maintenance industrial control system according to the risk grade;
the vulnerability repairing unit is used for carrying out network patrol on the network security of the operation and maintenance industrial control system, and searching for network security vulnerabilities to repair;
the network security assessment unit is used for collecting and assessing information of security protection feasibility of the operation and maintenance industrial control system;
the safety protection sub-platform is in data connection with the background operation and maintenance platform, and after the operation and maintenance industrial control system performs risk shielding, the safety protection sub-platform is connected with a network site in the operation and maintenance industrial control system, and risk is relieved for the network site.
2. The industrial control system network security capability inspection and assessment system according to claim 1, wherein: the relationship of the twin industrial control system is established as follows:
the industrial control system is provided with a plurality of network sites, and the network sites in the operation and maintenance industrial control system and the standby industrial control system are in a parallel relation;
the synchronization frequency of data between the network sites in the operation and maintenance industrial control system and the standby industrial control system is set, and the network site data in the operation and maintenance industrial control system is stored into the corresponding network site of the standby industrial control system according to the set synchronization frequency;
and the data is synchronized at the set frequency.
3. The industrial control system network security capability checking and evaluating system according to claim 2, wherein the firewall is established in the following way:
acquiring information on the coverage area of the operation and maintenance industrial control system and information on its network sites, and constructing a first-level (primary) security firewall over the coverage area of the operation and maintenance industrial control system;
at the same time, building a secondary security firewall for each network site in the operation and maintenance industrial control system, one by one, establishing the area correspondence between the primary security firewall and the secondary security firewalls, and associating the primary security firewall and the secondary security firewalls according to the position of a network attack.
4. The industrial control system network security capability checking and evaluating system according to claim 3, wherein the operation and maintenance industrial control system management item is formed as follows:
acquiring the working state of the network stations in the operation and maintenance industrial control system, and carrying out security monitoring on each single network station;
and acquiring the network running state in the operation and maintenance industrial control system in real time; when a network attack occurs at the primary security firewall, enabling the secondary security firewall corresponding to the network station, issuing a security prevention and control alarm prompt for the network station receiving the attack, and forming an operation and maintenance industrial control system management item in combination with the network attack received by the primary firewall.
5. The industrial control system network security capability checking and evaluating system according to claim 4, wherein the network attack intensity is graded as follows:
acquiring the management item information of the operation and maintenance industrial control system and grading the degree of the network attack, the grading being made according to the intensity of the network attack on the first-level security firewall and the second-level security firewall, wherein the network attack intensity levels are respectively:
a general intensity level;
an advanced intensity level;
a severe intensity level;
when the network attack intensity is at the general intensity level, the standby industrial control system is not started; when it is at the advanced intensity level, the defending progress against the network attack is monitored in real time, and when it escalates to the severe intensity level, an auxiliary industrial control system is started;
and, according to which network station in the operation and maintenance industrial control system is under network attack, automatically switching that network station to the network station in the standby industrial control system, and simultaneously automatically connecting the network station under network attack to the safety protection sub-platform.
6. The industrial control system network security capability inspection and assessment system according to claim 1, wherein the network patrol is carried out as follows:
carrying out network security inspection on the operation and maintenance industrial control system in real time, marking dangerous network information, acquiring network attack characteristics to form a network attack characteristic library, forming protective measures according to the data of the network attack characteristic library, inspecting the operation and maintenance industrial control system according to the protective measures, and carrying out vulnerability repair.
7. The industrial control system network security capability inspection and assessment system according to claim 5, wherein the security protection feasibility of the operation and maintenance industrial control system is evaluated as follows:
obtaining the number of times the primary security firewall and the secondary security firewall of the industrial control system are attacked, the strength of the network attacks and the position at which the network attacks occur, and then evaluating the security protection performance of the operation and maintenance industrial control system to obtain a security evaluation coefficient of the operation and maintenance industrial control system, wherein the calculation formula is as follows:
wherein , for the security evaluation coefficient of the operation and maintenance industrial control system, τ is the weight factor of a network attack between the primary security firewall and the secondary security firewall, ω is the weight factor of a network attack outside the primary security firewall, n_y is the number of times a network attack of the general intensity level occurs, n_e is the number of times a network attack of the advanced intensity level occurs, and n_s is the number of times a network attack of the severe intensity level occurs; α, β and ε are respectively the network attack rating indices for the general intensity level, the advanced intensity level and the severe intensity level.
8. The industrial control system network security capability inspection and assessment system according to claim 7, wherein, when the security evaluation coefficient of the operation and maintenance industrial control system is smaller than a set security threshold value, maintenance reinforcement of the primary security firewall and the secondary security firewall is carried out.
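The escalation and failover behaviour of claims 4 and 5, together with the per-grade counts that claim 7 feeds into its coefficient, shown as an added example that is not part of the patent. The class, method and station names are assumptions, the intensity grade is taken as an input because the claims do not say how it is computed, and the "auxiliary" system of claim 5 is treated as the standby industrial control system.

```python
from collections import Counter
from dataclasses import dataclass, field
from enum import IntEnum


class Intensity(IntEnum):                 # the three grades of claim 5
    GENERAL = 1
    ADVANCED = 2
    SEVERE = 3


@dataclass
class Station:                            # hypothetical model of one network station
    name: str
    secondary_fw_enabled: bool = False    # per-station secondary firewall (claim 3)
    served_by: str = "operation"          # which twin currently serves the station
    monitored: bool = False               # defence progress watched in real time
    on_protection_platform: bool = False  # connected to the protection sub-platform


@dataclass
class FailoverController:                 # hypothetical name, not from the patent
    stations: dict                        # station name -> Station
    standby_started: bool = False
    management_items: list = field(default_factory=list)

    def on_primary_attack(self, name, intensity):
        """Process one attack seen at the primary firewall and aimed at `name`."""
        st = self.stations[name]          # unknown station: KeyError, nothing changes
        level = Intensity(intensity)      # rejects grades outside the three levels
        st.secondary_fw_enabled = True    # claim 4: enable the matching secondary firewall
        self.management_items.append((name, level))  # claim 4: management item
        if level is Intensity.ADVANCED:
            st.monitored = True           # claim 5: monitor, standby stays off
        elif level is Intensity.SEVERE:
            self.standby_started = True   # claim 5: standby starts only at this grade
            st.served_by = "standby"      # only the attacked station is switched
            st.on_protection_platform = True
        return st

    def attack_counts(self):
        """Occurrences per grade: the n_y, n_e, n_s inputs named in claim 7."""
        c = Counter(level for _, level in self.management_items)
        return {"n_y": c[Intensity.GENERAL], "n_e": c[Intensity.ADVANCED],
                "n_s": c[Intensity.SEVERE]}
```

The coefficient itself is not computed here because the formula of claim 7 does not survive on the page; only its count inputs are derived.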
CN202310825226.4A 2023-07-06 2023-07-06 Industrial control system network safety protection capability checking and evaluating system Active CN116800511B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310825226.4A CN116800511B (en) 2023-07-06 2023-07-06 Industrial control system network safety protection capability checking and evaluating system


Publications (2)

Publication Number Publication Date
CN116800511A (en) 2023-09-22
CN116800511B CN116800511B (en) 2024-04-02

Family

ID=88041936


Country Status (1)

Country Link
CN (1) CN116800511B (en)


Also Published As

Publication number Publication date
CN116800511B (en) 2024-04-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240123

Address after: Room 413, Unit 1, Building 1, Tian'an Digital City, No. 1 Huangjin Road, Nancheng Street, Dongguan City, Guangdong Province, 523000

Applicant after: Dongguan Minglu Information Technology Co.,Ltd.

Country or region after: China

Address before: Room 1001, unit 4, building 6, Tianan Digital City, No.1, Huangjin Road, Nancheng street, Dongguan City, Guangdong Province, 523000

Applicant before: GUANGDONG WANER TECHNOLOGY Co.,Ltd.

Country or region before: China

TA01 Transfer of patent application right

Effective date of registration: 20240308

Address after: Room 901, No. 2, Lane 288, Qianfan Road, Xinqiao Town, Songjiang District, Shanghai 201612

Applicant after: Shikong (Shanghai) brand planning Co.,Ltd.

Country or region after: China

Address before: Room 413, Unit 1, Building 1, Tian'an Digital City, No. 1 Huangjin Road, Nancheng Street, Dongguan City, Guangdong Province, 523000

Applicant before: Dongguan Minglu Information Technology Co.,Ltd.

Country or region before: China

GR01 Patent grant