DE102016109358B4 - Konfigurierbares Robustheitsmittel in einem Anlagensicherheitssystem - Google Patents

Konfigurierbares Robustheitsmittel in einem Anlagensicherheitssystem Download PDF

Info

Publication number
DE102016109358B4
DE102016109358B4 DE102016109358.0A DE102016109358A DE102016109358B4 DE 102016109358 B4 DE102016109358 B4 DE 102016109358B4 DE 102016109358 A DE102016109358 A DE 102016109358A DE 102016109358 B4 DE102016109358 B4 DE 102016109358B4
Authority
DE
Germany
Prior art keywords
messages
message
network
module
sets
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
DE102016109358.0A
Other languages
German (de)
English (en)
Other versions
DE102016109358A1 (de
Inventor
Vinaya S. Rayapeta
Jacob B. Peschansky
William E. Bennett
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fisher Rosemount Systems Inc
Original Assignee
Fisher Rosemount Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fisher Rosemount Systems Inc filed Critical Fisher Rosemount Systems Inc
Publication of DE102016109358A1 publication Critical patent/DE102016109358A1/de
Application granted granted Critical
Publication of DE102016109358B4 publication Critical patent/DE102016109358B4/de
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B13/00Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion
    • G05B13/02Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric
    • G05B13/04Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric involving the use of models or simulators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • G05B19/41855Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication by local area network [LAN], network structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Manufacturing & Machinery (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Quality & Reliability (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Testing And Monitoring For Control Systems (AREA)
DE102016109358.0A 2015-05-22 2016-05-20 Konfigurierbares Robustheitsmittel in einem Anlagensicherheitssystem Active DE102016109358B4 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/719,946 US11363035B2 (en) 2015-05-22 2015-05-22 Configurable robustness agent in a plant security system
US14/719,946 2015-05-22

Publications (2)

Publication Number Publication Date
DE102016109358A1 DE102016109358A1 (de) 2016-11-24
DE102016109358B4 true DE102016109358B4 (de) 2025-05-22

Family

ID=56297397

Family Applications (1)

Application Number Title Priority Date Filing Date
DE102016109358.0A Active DE102016109358B4 (de) 2015-05-22 2016-05-20 Konfigurierbares Robustheitsmittel in einem Anlagensicherheitssystem

Country Status (5)

Country Link
US (1) US11363035B2 (enExample)
JP (1) JP6923265B2 (enExample)
CN (1) CN106168757B (enExample)
DE (1) DE102016109358B4 (enExample)
GB (1) GB2541493B (enExample)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6759572B2 (ja) 2015-12-15 2020-09-23 横河電機株式会社 統合生産システム
JP6693114B2 (ja) * 2015-12-15 2020-05-13 横河電機株式会社 制御装置及び統合生産システム
JP6613200B2 (ja) * 2016-04-18 2019-11-27 ファナック株式会社 生産管理装置からの指令に応じて製造セルを制御するセル制御装置
US10523635B2 (en) * 2016-06-17 2019-12-31 Assured Information Security, Inc. Filtering outbound network traffic
US20180083972A1 (en) * 2016-09-20 2018-03-22 Lg Electronics Inc. Method and apparatus for security configuration in wireless communication system
US10936955B1 (en) 2017-01-13 2021-03-02 Amazon Technologies, Inc. Computationally and network bandwidth-efficient technique to determine network-accessible content changes based on computed models
US10050987B1 (en) * 2017-03-28 2018-08-14 Symantec Corporation Real-time anomaly detection in a network using state transitions
US10951503B1 (en) 2017-04-21 2021-03-16 Amazon Technologies, Inc. Determining the validity of data collected by experiments performed at a network accessible site
US10185970B1 (en) * 2017-04-21 2019-01-22 Amazon Technologies, Inc. Determining a run time for experiments performed at a network accessible site
US10992652B2 (en) 2017-08-25 2021-04-27 Keysight Technologies Singapore (Sales) Pte. Ltd. Methods, systems, and computer readable media for monitoring encrypted network traffic flows
US10903985B2 (en) 2017-08-25 2021-01-26 Keysight Technologies Singapore (Sales) Pte. Ltd. Monitoring encrypted network traffic flows in a virtual environment using dynamic session key acquisition techniques
US11750623B2 (en) * 2017-09-04 2023-09-05 ITsMine Ltd. System and method for conducting a detailed computerized surveillance in a computerized environment
US10673871B2 (en) * 2017-10-04 2020-06-02 New Context Services, Inc. Autonomous edge device for monitoring and threat detection
US11184452B2 (en) * 2017-10-13 2021-11-23 Yokogawa Electric Corporation System and method for selecting proxy computer
US11113425B2 (en) 2018-01-17 2021-09-07 Crowd Strike, Inc. Security component for devices on an enumerated bus
CN110166343A (zh) * 2018-02-13 2019-08-23 贵州白山云科技股份有限公司 一种消息网关分发消息的方法及其消息网关
US11030413B2 (en) * 2018-06-27 2021-06-08 International Business Machines Corporation Recommending message wording based on analysis of prior group usage
US11463407B2 (en) * 2018-07-13 2022-10-04 Raytheon Company Policy engine for cyber anomaly detection
US10893030B2 (en) 2018-08-10 2021-01-12 Keysight Technologies, Inc. Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element
US11768878B2 (en) * 2019-09-20 2023-09-26 Fisher-Rosemount Systems, Inc. Search results display in a process control system
US11768877B2 (en) * 2019-09-20 2023-09-26 Fisher-Rosemount Systems, Inc. Smart search capabilities in a process control system
US12160406B2 (en) * 2019-09-23 2024-12-03 Fisher-Rosemount Systems, Inc. Whitelisting for HART communications in a process control system
US11190417B2 (en) * 2020-02-04 2021-11-30 Keysight Technologies, Inc. Methods, systems, and computer readable media for processing network flow metadata at a network packet broker
US11424865B2 (en) * 2020-12-10 2022-08-23 Fisher-Rosemount Systems, Inc. Variable-level integrity checks for communications in process control environments
US11882013B2 (en) * 2021-08-18 2024-01-23 Hewlett Packard Enterprise Development Lp Network traffic monitoring for anomalous behavior detection
US12477364B2 (en) 2022-10-13 2025-11-18 T-Mobile Usa, Inc. Monitoring operation of multiple components associated with a wireless telecommunication network

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE112004002440T5 (de) * 2003-12-15 2006-12-28 Abb Research Ltd. IT-Netzwerk-Sicherheitssystem

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020107953A1 (en) 2001-01-16 2002-08-08 Mark Ontiveros Method and device for monitoring data traffic and preventing unauthorized access to a network
US7743158B2 (en) 2002-12-04 2010-06-22 Ntt Docomo, Inc. Access network dynamic firewall
US8224902B1 (en) * 2004-02-04 2012-07-17 At&T Intellectual Property Ii, L.P. Method and apparatus for selective email processing
KR100609170B1 (ko) 2004-02-13 2006-08-02 엘지엔시스(주) 네트워크 보안 시스템 및 그 동작 방법
US7617531B1 (en) * 2004-02-18 2009-11-10 Citrix Systems, Inc. Inferencing data types of message components
US7774834B1 (en) * 2004-02-18 2010-08-10 Citrix Systems, Inc. Rule generalization for web application entry point modeling
US7890996B1 (en) * 2004-02-18 2011-02-15 Teros, Inc. Using statistical analysis to generate exception rules that allow legitimate messages to pass through application proxies and gateways
US8214438B2 (en) * 2004-03-01 2012-07-03 Microsoft Corporation (More) advanced spam detection features
CN100370724C (zh) * 2004-03-22 2008-02-20 西安电子科技大学 宽带无线ip网络匿名连接方法
JP4829223B2 (ja) 2004-05-25 2011-12-07 グーグル インコーポレイテッド 電子メッセージソース評判情報システム
US7607166B2 (en) 2004-07-12 2009-10-20 Cisco Technology, Inc. Secure manufacturing devices in a switched Ethernet network
US7343624B1 (en) 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
JP2006060306A (ja) 2004-08-17 2006-03-02 Nec Corp パケットフィルタリング方法およびパケットフィルタ装置
WO2006119506A2 (en) 2005-05-05 2006-11-09 Ironport Systems, Inc. Method of validating requests for sender reputation information
US8458262B2 (en) * 2006-12-22 2013-06-04 At&T Mobility Ii Llc Filtering spam messages across a communication network
JP2008278357A (ja) 2007-05-02 2008-11-13 Ionos:Kk 通信回線切断装置
US7814163B2 (en) * 2008-01-03 2010-10-12 Apple Inc. Text-based communication control for personal communication device
RU2487483C2 (ru) * 2008-03-10 2013-07-10 Роберт Бош Гмбх Способ и фильтрующее устройство для фильтрации сообщений, поступающих абоненту коммуникационной сети по последовательной шине данных этой сети
US8737398B2 (en) 2008-12-31 2014-05-27 Schneider Electric USA, Inc. Communication module with network isolation and communication filter
US8874663B2 (en) * 2009-08-28 2014-10-28 Facebook, Inc. Comparing similarity between documents for filtering unwanted documents
US9268578B2 (en) * 2010-11-05 2016-02-23 Mark Cummings Integrated circuit design and operation for determining a mutually compatible set of configuration for cores using agents associated with each core to achieve an application-related objective
US9413721B2 (en) * 2011-02-15 2016-08-09 Webroot Inc. Methods and apparatus for dealing with malware
US9047441B2 (en) 2011-05-24 2015-06-02 Palo Alto Networks, Inc. Malware analysis system
PH12012000283A1 (en) * 2011-09-28 2014-04-28 Fisher Rosemount Systems Inc Methods, apparatus, and articles of manufacture to provide firewalls for process control systems
US9282113B2 (en) 2013-06-27 2016-03-08 Cellco Partnership Denial of service (DoS) attack detection systems and methods
CN103701824B (zh) * 2013-12-31 2017-06-06 大连环宇移动科技有限公司 一种安全隔离管控系统
JP2014123996A (ja) 2014-04-02 2014-07-03 Mitsubishi Electric Corp ネットワーク監視装置及びプログラム
US10333877B2 (en) * 2014-04-29 2019-06-25 At&T Intellectual Property I, L.P. Methods of generating signatures from groups of electronic messages and related methods and systems for identifying spam messages
CN104539625B (zh) * 2015-01-09 2017-11-14 江苏理工学院 一种基于软件定义的网络安全防御系统及其工作方法
CN104579784B (zh) * 2015-01-15 2017-12-22 珠海市鸿瑞信息技术股份有限公司 基于多维虚链路的电力工业控制系统网络管理方法

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE112004002440T5 (de) * 2003-12-15 2006-12-28 Abb Research Ltd. IT-Netzwerk-Sicherheitssystem

Also Published As

Publication number Publication date
JP6923265B2 (ja) 2021-08-18
US11363035B2 (en) 2022-06-14
US20160344754A1 (en) 2016-11-24
CN106168757B (zh) 2022-03-18
GB2541493A (en) 2017-02-22
JP2016220213A (ja) 2016-12-22
GB201608102D0 (en) 2016-06-22
CN106168757A (zh) 2016-11-30
GB2541493B (en) 2022-04-13
DE102016109358A1 (de) 2016-11-24

Similar Documents

Publication Publication Date Title
DE102016109358B4 (de) Konfigurierbares Robustheitsmittel in einem Anlagensicherheitssystem
DE102016103521A1 (de) Erkennung von Anomalien in industriellen Kommunikationsnetzen
EP3001884B1 (de) Verfahren, vorrichtung und system zur überwachung einer sicherheits-netzübergangseinheit
EP3501154B1 (de) Bereitstellen einer gesicherten kommunikation innerhalb eines echtzeitfähigen kommunikationsnetzwerkes
EP2382512B1 (en) Communication module with network isolation and communication filter
EP2975801B1 (de) Verfahren zum Erkennen eines Angriffs in einem Computernetzwerk
DE102017124844A1 (de) Sicheres Transportieren von Daten über eine Datendiode für gesicherte Prozesssteuerungskommunikationen
EP2299650A1 (de) Verfahren zur Anomalie-Erkennung in einem Kontrollnetzwerk
GB2604036A (en) Poisoning protection for process control switches
DE202007019129U1 (de) Mobilfunkendgerät mit Filtereinrichtung und Netzwerkelement zur Konfiguration der Filtereinrichtung
DE102018117465A1 (de) Firewall für verschlüsselten datenverkehr in einem prozesssteuersystem
EP3122016B1 (de) Automatisierungsnetzwerk und verfahren zur überwachung der sicherheit der übertragung von datenpaketen
EP1862931B1 (de) Vorrichtung und Verfahren zum Schutz eines medizinischen Geräts und eines von diesem Gerät behandelten Patienten vor gefährdenden Einflüssen aus einem Kommunikationsnetzwerk
EP2987301B1 (de) Überwachung der funktionalität einer netzwerkfiltereinrichtung
EP3382478B1 (de) Verfahren, computer-programm-produkt und steuereinheit zum steuern von zugriffen auf it-systeme basierende netzwerke, insbesondere eingebettete systeme oder verteilte systeme umfassende automatisierungsnetzwerke, steuerungsnetzwerke oder kontrollnetzwerke
DE102013209914A1 (de) Filtern eines Datenpaketes mittels einer Netzwerkfiltereinrichtung
DE102014102627B3 (de) Arbeitsverfahren für ein System sowie System
DE102018123766A1 (de) Switch-port-sperre für erweiterte intelligente prozessleitsysteme
DE102018124235A1 (de) Poisoning-schutz für prozessleit-switches
EP3813314A1 (de) Sicherungssystem und verfahren zur filterung eines datenverkehrs
Coughlin et al. EDSGuard: Enforcing network security requirements for energy delivery systems
EP3382976A1 (de) Schutzeinrichtung, verfahren und gerät enthalten eine schutzeinrichtung zum schutz eines mit dem gerät verbundenen kommunikationsnetzwerks
EP4625886A1 (de) Steuergerät, netzwerk und übertragen von daten von einem steuergerät in ein netzwerk
WO2017148559A1 (de) Verfahren und analysemodul zur überprüfung von verschlüsselten datenübertragungen
WO2014075704A1 (de) Verfahren und automatisierungsanordnung zur kontrolle des datenverkehrs zwischen datenverarbeitungsgeräten

Legal Events

Date Code Title Description
R079 Amendment of ipc main class

Free format text: PREVIOUS MAIN CLASS: H04L0012260000

Ipc: H04L0043000000

R012 Request for examination validly filed
R016 Response to examination communication
R018 Grant decision by examination section/examining division