KR101880162B1 - Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System - Google Patents

Info

Publication number
KR101880162B1
Authority
KR
South Korea
Prior art keywords
signal
control
control signal
unit
abnormal
Prior art date
Application number
KR1020150190868A
Other languages
Korean (ko)
Other versions
KR20170079858A (en)
Inventor
이진흥
Original Assignee
다운정보통신(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 다운정보통신(주) filed Critical 다운정보통신(주)
Priority to KR1020150190868A priority Critical patent/KR101880162B1/en
Publication of KR20170079858A publication Critical patent/KR20170079858A/en
Application granted granted Critical
Publication of KR101880162B1 publication Critical patent/KR101880162B1/en

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/14Plc safety
    • G05B2219/14114Integrity, error detector, switch off controller, fail safe

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Testing And Monitoring For Control Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention verifies the integrity of control signals against the various cyber attacks that cause control signals to malfunction in a control system operating in an industrial facility. The control unit includes a collecting unit that collects the control signals transmitted to operate the control device, a signal processing unit that analyzes and processes the information, and a detection unit that detects abnormal signals by analyzing their association with previously stored abnormality signals.

Description

TECHNICAL FIELD [0001] The present invention relates to a method for verifying control signal integrity using control signal analysis in an automatic control system.

The present invention relates to a system for verifying the integrity of the control signals of an industrial facility, and more particularly to a system for collecting the control signals transmitted from an operation server or a user computer of a control system, and to a method for preventing abnormal operation of the control system.

Existing information protection technology for automatic control systems has been developed as filtering and anomaly detection that targets only communication protocols for industrial automatic control, such as network-based firewalls or MODBUS.

Korean Patent No. 10-1538927 discloses a method in which a sub key is automatically generated in a PLC and an internal encryptor encrypts control signal variable values using the sub key, thereby blocking exposure of variable values related to control signals to the outside. However, it cannot respond to the recent type of attack in which a user computer inside the automatic control system is infected and a signal that causes an automatic control device to malfunction is sent under the same conditions as a normal signal.

Korean Patent Laid-Open Publication No. 10-2013-0071138 describes a technique for preventing unauthorized access with an access control filter that uses the source address, port number, destination address, and port number included in the MODBUS protocol used for transmitting automatic control signals. However, such an apparatus and method cannot be applied to a system that uses a new protocol other than the one it was designed for, and an access control method has to be newly applied for each protocol, which is inconvenient.

In addition, intrusion detection and analysis technologies for control systems are mainly based on TCP/IP, the MODBUS protocol and the DNP3 protocol, and research on control system security mainly targets specific communication protocols such as Ethernet/IP, BACnet (building control systems) and IEC 61850 (power control systems). Such approaches are not suitable for adding a new security system to an existing control system that is operated without one, and the development of security technology for newly installed control systems is limited.

Therefore, there is a need for a technology that can safely protect an automatic control system through general installation and use, instead of a security system that is applicable only to a specific protocol or to a newly installed automatic control system.

Korean Patent No. 10-1538927 describes a PLC data management system and management method. Korean Patent Publication No. 10-2013-0071138 discloses an apparatus and method for preventing illegal access to an industrial control system. Korean Patent No. 10-1538709 describes an abnormal behavior detection system and method for an industrial control network. Korean Patent No. 10-1360591 discloses a network monitoring apparatus and method using a white list. Korean Patent Laid-Open Publication No. 10-2014-0118494 discloses an apparatus and method for detecting abnormal symptoms of a control system. Korean Patent Publication No. 10-2014-0117753 describes a technique for detecting abnormal traffic on a control system protocol.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems. Its object is to solve the problem that protection based on a specific automatic control protocol makes it difficult to prevent attacks by illegal manipulation that occur internally, and to overcome the limitation that a wrong control signal caused by malfunction of an internal system is difficult to detect at the protocol level.

Furthermore, the present invention aims to solve the economic difficulty that a variety of protocol-based security systems are required in order to detect and recognize internal signal malfunction caused by operating system damage in the control system, to prevent attacks resulting from internal system damage caused by viruses, and to detect anomalous indications.

According to an aspect of the present invention, there is provided a method of detecting an erroneous control signal by an integrity verification apparatus having at least one processor in a network, the method comprising: a step (200) of collecting a control signal and registering it in a white list; a step (300) of collecting the control signals transmitted and received in the network and measuring the similarity of the control signals by comparing and analyzing the collected control signals against the control signals registered in the whitelist DB (510); and a step (400) of determining whether a control signal is abnormal by applying a threshold value set for each control signal to the measured similarity.

The step (200) of registering the normal control signal in the white list involves a collecting unit (100) that collects the control signals normally generated while the system is operated for a predetermined period in the steady state; an electric signal verifying unit 210 that classifies the collected control signals within their respective error ranges, extracts the characteristics of each control signal, and checks whether a control signal with the corresponding features already exists in the white list DB; and an electric signal registering unit (220) that registers the feature values of the signal in the whitelist when the checked control signal does not exist in the whitelist DB (510).

The step 300 of measuring the similarity of the control signal may involve a feature extraction unit 310 that classifies the control signals applied to the collecting unit of the control system in the general state into feature values of the analog signal; a white list checking unit 320 that checks whether the feature values extracted from the control signal and the feature values registered in the white list DB 510 represent the same signal within the corresponding error range; and a registration confirmation unit 330 that confirms with the operation system or the operator whether or not to register the signal.

When feature values of a new control signal not registered in the whitelist are found in step 300 of measuring the similarity of the control signals, the registration confirmation unit 330 notifies the operation system and the operator of the feature values of the collected control signal and newly registers them in the whitelist.

The step 400 of determining the abnormal control signal involves an integrity discrimination unit 410 that receives, from the white list checking unit that inspects signals against the error range of the signals registered in the white list DB 510, a control signal that is out of the error range, together with information such as the type of the control signal, the signal characteristic value, and the control object, and determines whether the signal is a normal control signal or an abnormal control signal; an abnormal signal alarm unit 420 that informs the operating system and the operator of the inflow of an abnormal signal when the control signal is abnormal; and an abnormal signal log DB (520) for registering and managing incoming abnormal signals.

The control signal integrity verification method for an automatic control system of the present invention analyzes the control signals transmitted to operate the control devices that make up the automatic control system, extracts their feature values and registers them in advance, and then extracts and compares the analog and digital characteristic values of all control signals transmitted in the general operating environment. It thereby detects abnormal signals generated by malicious attacks from the outside as well as abnormal signals originating from inside as a result of an attack on the system, which makes it possible to build a control system that is safe against abnormal behavior and to secure safety and reliability against attacks using abnormal signals.

FIG. 1 is a flowchart illustrating a method for a verification apparatus having at least one processor in a network to verify the integrity of a control signal of the network according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in more detail.

The features and advantages of the present invention will become more apparent from the following detailed description of preferred embodiments with reference to the accompanying drawings.

Prior to this, the terms and words used in the present specification and claims are to be interpreted with the meaning and concept that accord with the technical idea of the present invention, based on the principle that the inventor can properly define the concepts of terms in order to explain the invention in the best way.

In addition, it will be apparent to those skilled in the art that the present invention may be practiced without specific details, such as specific software methods, in the following description.

FIG. 1 is a functional block diagram illustrating a method for verifying integrity of a control signal on a network constituting an automatic control system according to an embodiment of the present invention.

A control signal integrity verification method using control signal analysis in an automatic control system of the present invention includes the following units:

  • An electrical signal collection unit 110 that collects the electrical control signals for operating a control device in a control system.
  • An operation mode checking unit 120 that checks whether the collected control signal is a control signal in the steady state or a control signal in the operating state and passes the control signal to the corresponding processing routine.
  • An electric signal verifying unit 210 that analyzes the control signal obtained by the electric signal collecting unit 110 according to each control operation mode, together with the characteristic values of the electric signal.
  • An electric signal registering unit 220 that registers the control signal in the white list DB 510.
  • A feature extraction unit 310 that, when the operation mode checking unit 120 acquires a control signal in the operating state, analyzes the control signal, which may include a certain type of attack, and extracts its feature value.
  • A white list checking unit 320 that compares the extracted feature values with the feature values in the pre-registered white list and checks whether the signal is within the error range of each control device operation.
  • A registration confirmation unit 330 that, when the characteristic values of the control signal are within the error range but the feature value of the new control signal is not stored, has the operation system or an operator check whether the new control signal is a new normal control signal and stores it in the whitelist.
  • An integrity discriminating unit 410 that discriminates a control signal that is out of the error range, or a control signal regarded as a new attack, as an abnormal control signal due to an attack.
  • An abnormal signal alarm unit 420 that informs the operation system or an operator of the control system of the abnormal control signal discriminated by the integrity discriminating unit 410 and records an abnormal signal log.

In the following, the functions of each component and the operating principle of the system are described in detail, based on the overall system configuration of the present invention described above.

The electric signal collecting unit 110 is located behind the PLC device. It collects the electric signals that the PLC sends to the control devices in order to operate them in the automatic control system. The collected electric signals are gathered as normal control signals and can be used as information for analyzing abnormal control signals.

The operation mode checking unit 120 performs an operation for generating the white list that is used to verify the integrity of received control signals. Here, the operation mode is classified into a steady state and an operation state. The steady state is carried out during pilot operation of the control system, with abnormal external connections blocked. In this state, the control signals acquired by the electric signal collection unit 110 are finally confirmed by the operation system or operator and added to the whitelist DB 510 as normal signals. The operation state, by contrast, is the environment in which the control devices are operated in general, and it may be an abnormal environment because of abnormal external connections, viruses or the like. In this case, the control signals obtained by the electric signal collecting unit 110 are a mixture of normal and abnormal signals. To verify the integrity of a control signal, its integrity must be checked and processed through the integrity discrimination unit 410, and if a signal not registered in the whitelist is determined to be a safe signal after the confirmation procedure, it can be registered as a new normal signal in the whitelist DB 510.

The electric signal verifying unit 210 operates when the operation mode verifying unit 120 is in the normal operation mode. To register the control signals obtained by the control signal collecting unit in the whitelist, it extracts the feature values of the electric signals to be registered. The normal signals collected for operating a control device may be received as digital or analog signals, depending on the characteristics of the control device. When a signal is received as a digital signal, the digital signal value is extracted; when it is received as an analog signal, the voltage or current values of the analog signal are extracted and used as the characteristic values of the signal. In other words, the collected control signal is a control signal that carries, in analog or digital form, a command value for directly operating the control device; it is not data packaged by a specific protocol but a signal value related to the on/off operation of the control device. The feature value extracted by the electrical signal verifying unit 210 is linked to the control device that receives the signal and is operated by it, and is used in the white list as the normal signal of that control device. Together with the feature value, it carries error range information for the operation signal. This information can be used as the criterion for judging whether a control signal received later in the operation state is a normal signal.

The electric signal registration unit 220 registers the characteristic values of the control signal received from the electric signal verification unit 210 in the whitelist DB 510. The information registered here is information on normal signals, and includes the type of the signal, the identifier or address (IP) of the control device, the feature value extracted from the control signal, and the like. In other words, the information on the characteristic value of a control signal includes the unique identifier (User ID, IP) assigned to the user and the operating system that issue operation commands to the control device, operation event information for the control device (a signal value, a control device identifier (unique ID)), and the error range for the control device.

The feature extraction unit 310 operates when the operation mode confirmation unit 120 is in the operation state mode. It extracts characteristic values from the operation state control signals collected by the electric signal collection unit 110 so that they can be compared and analyzed against the normal signals.

The white list checking unit 320 compares the feature values of the control signal extracted by the feature extracting unit 310 with the feature values of the normal signals registered in the whitelist DB 510, and checks whether the signal is an existing signal or a signal outside the error range. If the signal is a new signal not registered in the whitelist, the registration confirmation unit 330 is invoked to confirm the signal. If the signal is registered in the whitelist, the integrity determination unit 410 is invoked to determine whether the signal is abnormal.

When a new signal is received in the operating state, the registration confirmation unit 330 operates to determine whether the signal is a normal signal or an abnormal signal. If the signal is determined to be a normal signal, it registers the identifier or address (IP), the feature value extracted from the control signal, an identifier indicating that the signal was added in the operating state, and the like in the white list DB 510.

The integrity discriminator 410 operates to verify the integrity of the control signal. It receives the control signal passed on by the whitelist inspector 320 and the characteristic values of the normal signals in the white list DB 510. It then checks the similarity of the control signal within the error range, using the tolerance range of the hardware operation signal, which differs for each control device. A signal within the error range is transmitted to the control device as a normal signal. A signal outside the error range is judged to be an abnormal signal that would operate the control device abnormally; it is not transmitted to the control device but is passed to the abnormal signal alarm unit 420 in the next stage for processing.

The abnormal signal alarm unit 420 informs the operating system or the operator of the information on a control signal that the whitelist-based integrity verification has discriminated as an abnormal signal. The abnormal signal information to be recorded includes information for identifying the abnormal signal, such as the command sender (identifier or address of the internal user), control device information, communication type (analog or digital), and characteristic value of the control signal, and is recorded in the abnormal signal DB 520.
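The flow described above for units 110 to 420 (learning in the steady state, then checking each operation state signal against the whitelist within the per-device error range) is illustrated below in Python. This is an added example, not code from the patent; the whitelist key (sender, device, signal type), the choice to hold unconfirmed new signals instead of forwarding them, and all class names, tolerances and sample signals are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    STEADY = "steady"        # pilot operation, external connections blocked
    OPERATING = "operating"  # general operation, signals may be forged

class Verdict(Enum):
    REGISTERED = "registered"  # learned as a normal signal (units 210/220)
    FORWARD = "forward"        # within the error range: pass to the device
    PENDING = "pending"        # unknown signal: wait for unit 330
    BLOCKED = "blocked"        # outside the error range: alarm and log

@dataclass(frozen=True)
class Signal:
    sender: str   # user ID or IP that issued the command
    device: str   # unique ID of the control device
    kind: str     # "analog" or "digital"
    value: float  # voltage/current for analog, 0 or 1 for digital
    ts: float = 0.0

@dataclass
class Entry:
    value: float
    tolerance: float
    added_in_operation: bool = False  # flag set by unit 330

class IntegrityVerifier:
    def __init__(self, tolerances):
        self.tolerances = tolerances  # per-device error range (assumed input)
        self.whitelist = {}           # stands in for whitelist DB 510
        self.pending = []             # signals awaiting operator confirmation
        self.abnormal_log = []        # stands in for abnormal signal DB 520

    @staticmethod
    def _key(sig):
        return (sig.sender, sig.device, sig.kind)

    def _matches(self, sig):
        entries = self.whitelist.get(self._key(sig), [])
        return any(abs(sig.value - e.value) <= e.tolerance for e in entries)

    def _register(self, sig, added_in_operation=False):
        if self._matches(sig):
            return  # feature value already present in the whitelist
        analog = sig.kind == "analog"
        tol = self.tolerances.get(sig.device, 0.0) if analog else 0.0
        self.whitelist.setdefault(self._key(sig), []).append(
            Entry(sig.value, tol, added_in_operation))

    def _alarm(self, sig, reason):
        # Fields follow the description of alarm unit 420.
        self.abnormal_log.append({
            "sender": sig.sender, "device": sig.device, "kind": sig.kind,
            "value": sig.value, "time": sig.ts, "reason": reason})

    def process(self, sig, mode):
        if mode is Mode.STEADY:
            self._register(sig)
            return Verdict.REGISTERED
        if self._key(sig) not in self.whitelist:   # unit 320: new signal
            self.pending.append(sig)
            return Verdict.PENDING
        if self._matches(sig):                     # unit 410: in range
            return Verdict.FORWARD
        self._alarm(sig, "outside error range")    # unit 420
        return Verdict.BLOCKED

    def confirm(self, sig, is_normal):
        """Operator decision for a pending signal (unit 330)."""
        self.pending.remove(sig)
        if is_normal:
            self._register(sig, added_in_operation=True)
        else:
            self._alarm(sig, "rejected by operator")

def run_demo():
    # Constructed sample data: one analog valve and one digital pump.
    v = IntegrityVerifier(tolerances={"valve-1": 0.25})
    for s in (Signal("hmi-01", "valve-1", "analog", 5.0),
              Signal("hmi-01", "pump-2", "digital", 1.0),
              Signal("hmi-01", "pump-2", "digital", 0.0)):
        v.process(s, Mode.STEADY)
    unknown = Signal("10.0.0.99", "valve-1", "analog", 5.0, ts=3.0)
    verdicts = [
        v.process(Signal("hmi-01", "valve-1", "analog", 5.1, ts=1.0),
                  Mode.OPERATING),
        v.process(Signal("hmi-01", "valve-1", "analog", 9.0, ts=2.0),
                  Mode.OPERATING),
        v.process(unknown, Mode.OPERATING),
    ]
    v.confirm(unknown, is_normal=False)
    return verdicts, v.abnormal_log

if __name__ == "__main__":
    verdicts, log = run_demo()
    print([x.name for x in verdicts])
    for row in log:
        print(row)
```

Because the comparison works on the extracted signal value and a per-device tolerance, the same check applies regardless of which protocol carried the command to the PLC.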

The control signal integrity verification method and apparatus using the control signal analysis in the automatic control system is a technology for detecting an irregular signal in the control system in order to ensure the availability of the industrial communication facility. It provides control system control and malicious signal detection as a way to effectively detect possible cyber attacks.

The control system protection device collects operation signal types based on the control signal circuit diagram that constitutes the PLC system, forms a white list from them, and detects unauthorized signals in the operation environment based on the configured usage pattern, so that the control system can be safely protected.

In addition, for real-time traffic analysis, an open-source based large-scale data analysis platform is used to analyze and check the control signals transmitted from the automatic control system in order to detect anomalous signals among the transmitted signals. The control variable is extracted from the transmitted signal and used as information for detecting abnormal behavior.

The foregoing description has set forth, somewhat broadly, the features and technical advantages of the present invention in order to better understand the claims of the invention to be described below. It should be appreciated by those skilled in the art that the concepts and specific embodiments of the invention described above may be readily used as a basis for designing or modifying other features to accomplish the invention and similar purposes.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Therefore, the disclosed embodiments are to be considered in an illustrative rather than a restrictive sense, and all differences within the scope of the appended claims and their equivalents should be construed as being included in the present invention.

Claims (4)

A method for verifying the integrity of a control signal by analyzing a control signal of the automatic control by an apparatus having at least one processor in an automatic control system according to a predetermined standard,
An electric signal collector for collecting an electric control signal for operating the control device in the control system;
An operation mode checking unit for checking whether the collected control signal is a collection of control signals in a steady state or a control signal collection in an operating state and delivering a control signal to a corresponding processing routine;
An electric signal verifying unit for analyzing characteristic values of a control signal according to each control operation mode when the control signal is a steady state control signal;
An electric signal registration unit for registering the characteristic values of the control signal analyzed in the above-mentioned white list;
A feature extraction unit for analyzing a control signal that may include an attack of any type acquired by the electrical signal collection unit and extracting the feature value if the operation mode confirmation unit collects the control signal of the operational state;
A white list checking unit for comparing the extracted feature values with feature values in a pre-registered white list to check whether they are signals within a tolerance range of a normal signal and an operation error of each control device;
A registration confirmation unit for, if the feature value of the control signal in the white list checking unit is a feature value of a new control signal that has a value within the error range and is not stored in the initial whitelist, having the operation system or the operator confirm that the new control signal is a new normal control signal and storing the registered information;
An integrity discrimination unit for discriminating a control signal out of an error range or a control signal judged as a new attack as an abnormal control signal due to an attack by the white list checking unit and verifying the integrity of a control signal;
And an abnormal signal alarm unit for informing an operation system or an operator of the control system of the abnormal control signal discriminated by the integrity discrimination unit and recording an abnormal signal log,

The abnormal signal alarm unit 420 verifies whether the control signal is forged or modulated by checking whether the control signal value extracted from the electrical signal collecting unit and the control signal value recorded in the white list have a defect, that is, whether the signal value is within the error range,

The collected control signal is a control signal including a command value for directly operating the control device, either analogously or digitally, and has a signal value related to ON / OFF of the control device, not data packaged by a specific protocol,
The information on the characteristic value of the control signal includes information on a unique identifier (User ID, IP) assigned to the user and the operating system for giving an operation command to the control device, operation event information on the control device (signal type, analog signal value, an identifier (unique ID)), and an error range for the control device,
The operation mode checking unit 120 performs an operation for generating a whitelist to be used for verifying the integrity of the received control signal,
The operation mode is divided into a normal state and an operation state, the normal state is performed during the pilot operation of the control system in the state where abnormal external connection is blocked, and all the control signals acquired by the electric signal collection unit 110 are normal signals that are confirmed by the operation system or the operator and added to the whitelist DB 510,
The operation state is an environment for operating the control device and includes abnormal signals due to abnormal external connection, viruses or the like, so that the control signal obtained by the electric signal collecting unit 110 is a signal in which normal signals and abnormal signals are mixed,
In order to verify the integrity of the control signal, the integrity checking unit 410 always checks and processes the integrity of the control signal,
When a signal not registered in the whitelist DB 510 is generated, the transmission of a new signal is notified to the operating system or the operator, and if the signal is determined to be a safe signal after the confirmation procedure, it is registered as a normal signal,
The electric signal verifying unit 210 operates in the normal operation mode in the operation mode checking unit 120 and registers the control signal obtained by the electric signal collecting unit 110 in the whitelist,
The normal signal collected for operating the control device may be received as a digital signal or an analog signal according to the characteristics of the control device. When the signal is received as a digital signal, the digital signal value is extracted, When transmitted, the voltage or current values of the analog signal are extracted and used as characteristic values of the corresponding signal,
The feature value analyzed by the electrical signal verifying unit 210 is used as a normal signal of the control device in the white list connected to the control device to be received and operated and has error range information of the operation signal of the control device , The error range information of the operation signal is a criterion for determining a normal signal of the control signal received in the operating state,
The electric signal registration unit 220 registers the characteristic values of the control signal received from the electrical signal verification unit 210 in the whitelist DB 510. The registered information is all information on the normal signal, The type of the signal, the identifier or address (IP) of the control device, and the feature value extracted from the control signal,
The feature extraction unit 310 is operated when the operation mode confirmation unit 120 is in the operation state operation mode and outputs the control signal obtained by the electric signal collection unit 110 to the normal Extracts characteristic values for discriminating the operation state control signal collected by the electrical signal collection unit 110 for comparison and analysis with the signal,
The white list checking unit 320 compares the feature values of the control signal extracted by the feature extracting unit 310 with the feature values of the normal signals registered in the whitelist DB 510, If the signal is a new signal not registered in the whitelist, a registration confirmation unit 330 is performed to confirm the signal, and if it is a signal registered in the whitelist, The discriminator 410 determines whether the signal is normal or abnormal,
When the new signal received in the operating state is received, the registration confirmation unit 330 is operated to determine whether the signal is a normal signal or an abnormal signal. If it is determined that the signal is a normal signal, Registers an identifier or address (IP) of the control signal, a feature value extracted from the control signal, and an identifier indicating that the signal is added in the operating state, in the white list DB 510,
The integrity discriminator 410 is operated to verify the integrity of the control signal, and the integrity discriminator 410 receives the control signal transmitted from the whitelist inspector 320 and the characteristic values of the normal signal of the white list DB 510, And checks the similarity degree of the control signal within the error range using the tolerance range of the different hardware operation signals for each control device. The signal included in the error range is transmitted as a normal signal to the control device The signal which is out of the error range is determined to be an abnormal signal to abnormally operate the control device and is not transmitted to the control device but is transmitted to the abnormal signal alarm part 420 of the next stage for processing,
The abnormal signal alarm unit 420 informs the operating system or the operator of the information of the control signal discriminated as an abnormal signal through the whitelist-based integrity verification, and the abnormal signal information is transmitted to the command sender The information identifying the abnormal signal such as the address information, the control device information, the communication type (analog or digital), the control signal characteristic value, and the time information is displayed on the screen and recorded in the abnormal signal DB 520 How to Verify the Integrity of a Signal
KR1020150190868A 2015-12-31 2015-12-31 Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System KR101880162B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150190868A KR101880162B1 (en) 2015-12-31 2015-12-31 Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150190868A KR101880162B1 (en) 2015-12-31 2015-12-31 Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System

Publications (2)

Publication Number Publication Date
KR20170079858A KR20170079858A (en) 2017-07-10
KR101880162B1 KR101880162B1 (en) 2018-08-16

Family

ID=59356278

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150190868A KR101880162B1 (en) 2015-12-31 2015-12-31 Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System

Country Status (1)

Country Link
KR (1) KR101880162B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813096A (en) * 2020-08-11 2020-10-23 北京航空航天大学 Unmanned aerial vehicle safety control method under attack of expected track signal

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102069954B1 (en) * 2017-12-28 2020-01-23 주식회사 포스코아이씨티 System and Method for Generating Normal Sequence Pattern of Control Data
KR102027044B1 (en) * 2017-12-28 2019-09-30 주식회사 포스코아이씨티 System for Detecting Abnormal Control Data
KR102131689B1 (en) 2018-01-30 2020-08-06 고려대학교 산학협력단 An efficient control-flow integrity vefifing method based on unpredictability
WO2020241959A1 (en) * 2019-05-31 2020-12-03 주식회사 포스코아이씨티 System for detecting abnormal control data
KR102282843B1 (en) * 2019-05-31 2021-07-27 주식회사 포스코아이씨티 Abnormal Control Data Detection System Using Swiching Device
KR102282847B1 (en) * 2019-05-31 2021-07-27 주식회사 포스코아이씨티 System for Detecting Abnormal Control Data
WO2021107259A1 (en) * 2019-11-29 2021-06-03 (주) 앤앤에스피 Method and system for iacs packet flow security monitoring in association with network packet whitelist
CN112543123B (en) * 2020-12-17 2023-07-28 云南昆钢电子信息科技有限公司 Safety protection and early warning system of industrial automatic control system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101538709B1 (en) * 2014-06-25 2015-07-29 아주대학교산학협력단 Anomaly detection system and method for industrial control network
JP2015172945A (en) * 2009-08-28 2015-10-01 株式会社日立製作所 Facility state monitoring method and apparatus for the same

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08221117A (en) * 1995-02-09 1996-08-30 Mitsubishi Electric Corp Analyzing device for supporting abnormality diagnosis
KR101360591B1 (en) 2011-09-29 2014-02-11 한국전력공사 Apparatus and method for monitoring network using whitelist
KR20130071138A (en) 2011-12-20 2013-06-28 삼성전자주식회사 Method for performing image forming operation using user information and image forming apparatus performing the same
KR101889502B1 (en) 2013-03-26 2018-08-20 한국전자통신연구원 Abnormal traffic detection method on control system protocol
KR101977731B1 (en) 2013-03-29 2019-05-14 한국전자통신연구원 Apparatus and method for detecting anomaly in a controller system
KR101538927B1 (en) 2013-10-25 2015-07-23 대우조선해양 주식회사 PLC data management system for preemptive and method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015172945A (en) * 2009-08-28 2015-10-01 株式会社日立製作所 Facility state monitoring method and apparatus for the same
KR101538709B1 (en) * 2014-06-25 2015-07-29 아주대학교산학협력단 Anomaly detection system and method for industrial control network

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813096A (en) * 2020-08-11 2020-10-23 北京航空航天大学 Unmanned aerial vehicle safety control method under attack of expected track signal
CN111813096B (en) * 2020-08-11 2021-11-19 北京航空航天大学 Unmanned aerial vehicle safety control method under attack of expected track signal

Also Published As

Publication number Publication date
KR20170079858A (en) 2017-07-10

Similar Documents

Publication Publication Date Title
KR101880162B1 (en) Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System
CN110495138B (en) Industrial control system and monitoring method for network security thereof
CN107659583B (en) Method and system for detecting attack in fact
US10931635B2 (en) Host behavior and network analytics based automotive secure gateway
US9471770B2 (en) Method and control unit for recognizing manipulations on a vehicle network
US8418247B2 (en) Intrusion detection method and system
KR102642875B1 (en) Systems and methods for providing security to in-vehicle networks
JP4619254B2 (en) IDS event analysis and warning system
KR101977731B1 (en) Apparatus and method for detecting anomaly in a controller system
CN108931968B (en) Network security protection system applied to industrial control system and protection method thereof
CN214306527U (en) Gas pipe network scheduling monitoring network safety system
US20110307936A1 (en) Network analysis
KR101585342B1 (en) Apparatus and method for detecting abnormal behavior
EP4092553B1 (en) Intrusion path analysis device and intrusion path analysis method
CN114666088A (en) Method, device, equipment and medium for detecting industrial network data behavior information
US20210126925A1 (en) Extraction apparatus, extraction method, computer readable medium
CN112968869A (en) Information safety monitoring system of electric power production control large area
KR101871406B1 (en) Method for securiting control system using whitelist and system for the same
CN106899977B (en) Abnormal flow detection method and device
CN112104608A (en) Vehicle information safety protection method, system and storage medium
JP4159814B2 (en) Interactive network intrusion detection system and interactive intrusion detection program
KR20180012548A (en) Method for discriminating of abnormal behavior in automatic control system
WO2021237739A1 (en) Industrial control system safety analysis method and apparatus, and computer-readable medium
JP2005284523A (en) System, method and program for illegal intrusion detection
CN111711626A (en) Method and system for monitoring network intrusion

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
E902 Notification of reason for refusal
AMND Amendment
X701 Decision to grant (after re-examination)