CN217282957U - Network security intrusion detection defense device - Google Patents

Network security intrusion detection defense device Download PDF

Info

Publication number: CN217282957U
Authority: CN (China)
Prior art keywords: industrial, network security, power supply, control module, output end
Legal status: Active
Application number: CN202122959437.6U
Other languages: Chinese (zh)
Inventors: 尚宪和, 游江东, 方金土, 吴楠
Current Assignee: CNNC Nuclear Power Operation Management Co Ltd
Original Assignee: CNNC Nuclear Power Operation Management Co Ltd


Abstract

The utility model belongs to the technical field of industrial control and discloses a network security intrusion detection defense device. The device comprises: a control module having an input end and an output end, the input end being connected to a destination port of a destination device and the output end being used to send a power supply cut-off instruction generated by the control module; and a power-off module connected to the output end of the control module and to the power supply device of the industrial network security equipment, used to cut off the power supply of that power supply device. The destination port of the destination device is connected to the mirror port of the industrial network security device and sends the mirrored message to the control module. With this scheme, when the industrial network security equipment is attacked and fails and the intrusion path needs to be cut off, the device can respond at the first moment and automatically execute the power supply cut-off measure, so that the field equipment of the industrial control system is protected.

Description

Network security intrusion detection defense device
Technical Field
The utility model belongs to the technical field of industrial control, and in particular relates to a network security intrusion detection defense device.
Background
For a long time, office information networks and industrial control networks were physically isolated. However, as the degree of informatization improves, the connection between the industrial control network and the office information network becomes increasingly tight, and ERP (Enterprise Resource Planning) and MES (Manufacturing Execution System) systems are introduced, which gives hackers a convenient avenue for infiltrating the industrial control network. Secondary protection of industrial control networks is therefore very important in important industrial installations.
At present, most industrial control networks adopt a mode in which logs, alarms and the like must first be judged and intervened upon manually before measures are taken. The efficiency of this mode is low, and for an industrial control network with a short control period it cannot provide effective protection.
SUMMARY OF THE UTILITY MODEL
The utility model solves at least the following problem existing in the prior art: that effective protection cannot be implemented in a manual mode on an industrial control network with a short control period.
The utility model provides a network security intrusion detection defense device for an industrial control system, where the industrial control system has an industrial network security device. The network security intrusion detection defense device includes: a control module having an input end and an output end, the input end being connected to a destination port of a destination device and the output end being used to send a power supply cut-off instruction generated by the control module; and a power-off module, the input end of which is connected to the output end of the control module and the output end of which is used to cut off the power supply of the power supply device. The destination port of the destination device is connected to the mirror port of the industrial network security device, and the destination port of the destination device is used to send the mirrored message to the control module.
In the network security intrusion detection defense apparatus as described above, optionally, the destination device is the industrial network security device.
In the network security intrusion detection defense device as described above, optionally, the control module is an industrial grade motherboard.
In the network security intrusion detection defense apparatus as described above, optionally, the power-off module includes: the input end of the microprocessor is connected with the output end of the control module; and the input end of the power supply control actuator is connected with the output end of the microprocessor, and the output end of the power supply control actuator is connected with the power supply device.
In the network security intrusion detection defense apparatus as described above, optionally, the power control actuator is a relay.
In the network security intrusion detection defense apparatus as described above, optionally, the industrial network security device is an industrial firewall or an industrial gatekeeper.
The technical scheme provided by the embodiment of the utility model brings the following beneficial effect:
by arranging the control module and the power-off module, and connecting the target port of the target device to the mirror port of the industrial network security device, the target port operates on an independent secondary message (namely the mirrored message). The target port is connected to the input end of the control module, the output end of the control module is connected to the input end of the power-off module, and the output end of the power-off module is connected to the power supply device of the industrial network security device. Thus, when an intrusion path needs to be cut off, for example when the industrial network security device is attacked and fails, the power-off measure can be adopted, the response is made at the first moment, the measure is executed automatically, and the safety of the field equipment of the industrial control system is protected.
Drawings
Fig. 1 is a schematic structural diagram of a network security intrusion detection defense apparatus according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an industrial network security device system according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of another industrial network security device system according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a signal flow provided by an embodiment of the present invention;
the symbols in the figures are as follows:
1 control module, 2 power-off module, 3 industrial network security device.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
The industrial control system has an industrial network security device 3, which may be an industrial firewall, an industrial gatekeeper, or the like. During operation, the industrial network security device 3 receives messages, analyzes the parsed messages according to a preset policy rule base (such as a firewall policy), obtains an analysis result, and stores the result in a log file. The log file records the system state of the industrial control system and classifies it by security level. Different security levels require different response measures, and some security levels correspond to the event that the industrial network security device 3 has been attacked and failed. In the prior art, measures are taken only after the log file has been judged and intervened upon manually. For some important industrial equipment the control period is on the order of milliseconds. If such equipment is maliciously intruded upon and damaged, for example when the industrial network security device 3 is attacked and fails and the intrusion path needs to be cut off, a power supply cut-off measure can be adopted; but with the existing manual mode the response cannot be made at the first moment, so a physical isolation measure, or cutting off the intrusion path, cannot be taken in time. That is, the industrial equipment is already damaged before manual intervention, and its safety cannot be protected.
In view of this, referring to fig. 1-4, the present invention provides a network security intrusion detection defense apparatus, which is applied in an industrial control system.
Specifically, the network security intrusion detection defense device, or secondary defense device of the industrial network security equipment, includes a control module 1 and a power-off module 2. The control module 1 is used to receive the mirrored message of the industrial network security device 3, analyze the mirrored message, and generate a power supply cut-off instruction. The control module 1 has an input end and an output end. The input end of the control module 1 is used to receive the mirrored message and is connected to the destination port of the destination device. The output end of the control module 1 is used to send the power supply cut-off instruction. With port mirroring, a message received by the mirror port of the industrial network security device 3 is copied to a destination port, and the destination port sends the copied message (called the mirrored message) to the control module 1. The device in which the destination port is located is called the destination device. It should be noted that the mirroring technology, and the way in which the control module 1 generates the power-off instruction from the mirrored message, are prior art. The power-off module 2 is used to cut off the power supply of the industrial network security device 3, in other words, to make the industrial network security device 3 lose power. The power-off module 2 is connected to the output end of the control module 1 and also to the power supply device of the industrial network security device 3. When the power-off module 2 receives the power-off instruction, it cuts off the power supply of the power supply device.
By arranging the control module 1 and the power-off module 2, and connecting the target port of the target device to the mirror port of the industrial network security device 3, the target port operates on an independent secondary message (namely the mirrored message). The target port is also connected to the input end of the control module 1, the output end of the control module 1 is connected to the input end of the power-off module 2, and the output end of the power-off module 2 is connected to the power supply device of the industrial network security device 3. Thus, when the industrial network security device 3 is attacked and fails and the intrusion path needs to be cut off, the power supply can be cut off as the response measure at the first moment, the measure is executed automatically, and the safety of the field equipment of the industrial control system is protected.
The target device is the industrial network security device 3 itself; in this case the target device is directly connected to the control module 1, that is, the industrial network security device 3 sends the mirrored message to the control module 1. In application, the message copied from the mirror port is forwarded directly, through local port mirroring, to the control module 1 connected to the mirror port, which improves the response speed.
The control module 1 is preferably an industrial-grade motherboard, which improves the operating reliability of the network security intrusion detection defense device and makes it suitable for long-duration, high-load operation. The industrial-grade motherboard may be an X86 industrial-grade motherboard running a Linux system. In other embodiments the industrial motherboard may be another type of motherboard, which this embodiment does not limit. The input end of the control module 1 may be a network port, and the mirror port may also be a network port.
The power-off module 2 includes a microprocessor and a power control actuator. The microprocessor has an input end and an output end. The microprocessor is used to receive the power supply cut-off instruction and generate a control signal; its input end is connected to the output end of the control module 1 so as to receive the power supply cut-off instruction sent by the control module 1. The microprocessor may be a single-chip microcomputer, such as a C8051 series, STM32 series or PIC single-chip microcomputer. The power control actuator is used to receive the control signal and execute the power control action, namely the power cut-off action; its input end is connected to the output end of the microprocessor, and its output end is connected to the power supply device. In practical applications, the power-off module 2 may be referred to as the acquisition front end.
The power control actuator is preferably a relay, so that the power-off module 2 is a relay-based power-off module, the power control actuator is simple in design, and the power control action is convenient to execute. One arrangement is as follows: the coil of the relay is connected to the output end of the microprocessor, the normally closed contact of the relay is connected into the power line of the power supply device, and the power supply device supplies power to the industrial network security device through that power line. After the microprocessor receives the power supply cut-off instruction, its output end outputs a high level; at that moment no current passes through the coil, the normally closed contact of the relay is disconnected, and the power-off is realized. Other implementations may be adopted in other embodiments, which this embodiment does not limit.
As in the prior art, the control module 1 further includes a message analysis and judgment submodule, used to analyze and judge the mirrored message. Specifically, the mirrored message of the industrial network security device 3 is collected or received in real time, the protocol type of the received data packet is judged, a separate storage unit is created for each protocol type, and the data packet is disassembled according to the protocol frame structure and stored in the corresponding storage unit of the control module 1. After receiving the data packet parsed by the message analysis submodule, the submodule also calls the preset policy rule base corresponding to the protocol type, obtains an analysis result by way of a policy audit, stores the result in the log processing submodule, and, when the power supply needs to be cut off, generates the corresponding power supply cut-off instruction, namely an instruction indicating that the power supply of the industrial network security device 3 is to be cut off. Referring to fig. 4, the power-off instruction generated by the message analysis and judgment submodule is sent to the acquisition front-end communication interface driver submodule, converted into the corresponding signal, and sent to the motherboard communication interface of the acquisition front end, which then executes the corresponding command. Other existing technologies may be adopted in other embodiments, which this embodiment does not limit.
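The signal flow of fig. 4 (mirrored message, protocol-typed storage unit, policy audit against a rule base, cut-off instruction, acquisition front end driving a relay) can be exercised end to end with a small simulation. This is an added example, not code from the patent or its assignee; the security levels, the `mgmt` protocol label, the rule functions, the engineering-station address and the frame dictionaries are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
LEVELS = ("normal", "alarm", "device_failure")  # constructed security levels, least to most severe
CUT_OFF = "CUT_OFF_POWER"                        # the power supply cut-off instruction

@dataclass
class MirrorMessage:
    protocol: str               # protocol type judged by the parser
    src: str                    # source address of the mirrored frame
    fields: Dict[str, object]   # disassembled frame fields

@dataclass
class ControlModule:
    """Message analysis/judgment submodule on the industrial motherboard."""
    rule_base: Dict[str, List[Callable[[MirrorMessage], str]]]
    storage: Dict[str, List[MirrorMessage]] = field(default_factory=dict)  # one unit per protocol
    log: List[str] = field(default_factory=list)

    def parse(self, raw: Dict[str, object]) -> MirrorMessage:
        # Judge the protocol type, create its storage unit on demand, store the packet.
        msg = MirrorMessage(str(raw["proto"]), str(raw["src"]), dict(raw))
        self.storage.setdefault(msg.protocol, []).append(msg)
        return msg

    def audit(self, msg: MirrorMessage) -> Optional[str]:
        # Policy audit: the most severe verdict of the protocol's rules is logged,
        # and the cut-off instruction is returned only for the failure level.
        level = "normal"
        for rule in self.rule_base.get(msg.protocol, []):
            verdict = rule(msg)
            if LEVELS.index(verdict) > LEVELS.index(level):
                level = verdict
        self.log.append(f"{msg.protocol} from {msg.src}: {level}")
        return CUT_OFF if level == "device_failure" else None

@dataclass
class PowerOffModule:
    """Acquisition front end: MCU output drives a relay whose NC contact is in the power line."""
    mcu_output_high: bool = False
    power_on: bool = True

    def execute(self, instruction: str) -> bool:
        if instruction == CUT_OFF:
            self.mcu_output_high = True   # MCU output goes high ...
            self.power_on = False         # ... NC contact opens, supply to device 3 is cut
        return self.power_on

# Constructed rules standing in for the preset policy rule base (not the patent's rules).
ENGINEERING_STATION = "10.0.0.5"   # assumed: the only host allowed to manage device 3

def policy_rewrite_from_untrusted(msg: MirrorMessage) -> str:
    # Mirrored traffic shows device 3's own policy being rewritten from a host other
    # than the engineering station: treat device 3 as attacked and failed.
    if msg.fields.get("op") == "policy_write" and msg.src != ENGINEERING_STATION:
        return "device_failure"
    return "normal"

def failed_management_auth(msg: MirrorMessage) -> str:
    return "alarm" if msg.fields.get("auth") == "fail" else "normal"
RULES = {"mgmt": [policy_rewrite_from_untrusted, failed_management_auth]}

def run(frames: List[Dict[str, object]]):
    """Feed mirrored frames through the fig. 4 signal flow; returns (control, power-off)."""
    ctl, pwr = ControlModule(RULES), PowerOffModule()
    for raw in frames:
        instruction = ctl.audit(ctl.parse(raw))
        if instruction:
            pwr.execute(instruction)
    return ctl, pwr
```

A frame from the engineering station that rewrites the policy stays at the normal level, so the relay is only opened when the audit reaches the device-failure level.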
Referring to fig. 3, an embodiment of the present invention further provides an industrial network security device system, which includes the industrial network security device 3 and the network security intrusion detection defense device. The industrial network security device 3 may be disposed between a production management system and a control system located on site. The network security intrusion detection defense device is the device described above.
It will be appreciated by those skilled in the art that the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The embodiments disclosed above are therefore to be considered in all respects as illustrative and not restrictive. All changes which come within the scope of the invention or which are equivalent to the scope of the invention are embraced by the invention.

Claims (3)

1. A network security intrusion detection defense apparatus for an industrial control system having an industrial network security device, the network security intrusion detection defense apparatus comprising:
the control module is provided with an input end and an output end, the input end is connected with a destination port of destination equipment, and the output end is used for sending a power supply cut-off instruction generated by the control module; and
the input end of the power-off module is connected with the output end of the control module, and the output end of the power-off module is connected with a power supply device of the industrial network safety equipment and used for cutting off the power supply of the power supply device;
the destination port of the destination device is connected with the mirror image port of the industrial network security device, and the destination port of the destination device is used for sending a mirror image message to the control module;
the destination device is the industrial network security device;
the control module is an industrial grade mainboard;
the industrial network security equipment is an industrial firewall or an industrial gatekeeper.
2. The network security intrusion detection defense apparatus according to claim 1, wherein the power-off module includes:
the input end of the microprocessor is connected with the output end of the control module; and
the input end of the power supply control actuator is connected with the output end of the microprocessor, and the output end of the power supply control actuator is connected with the power supply device.
3. The network security intrusion detection defense apparatus according to claim 2, wherein the power control actuator is a relay.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202122959437.6U | 2021-11-25 | 2021-11-25 | Network security intrusion detection defense device

Publications (1)

Publication Number | Publication Date
CN217282957U | 2022-08-23

Family ID: 82882782

Country Status (1)

Country | Link
CN (1) | CN217282957U (en)


Legal Events

Code | Title
GR01 | Patent grant