WO2021186761A1 - Communication relay apparatus, communication system, and communication control method - Google Patents

Info

Publication number
WO2021186761A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
data
dummy data
relay device
received
Application number
PCT/JP2020/031108
Other languages
French (fr)
Japanese (ja)
Inventor
寛 岩澤
遠藤 浩通
Original Assignee
株式会社日立製作所
Application filed by 株式会社日立製作所
Publication of WO2021186761A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/54 Store-and-forward switching systems
    • H04L12/56 Packet switching systems
    • H04L12/5601 Transfer mode dependent, e.g. ATM
    • H04L2012/5603 Access techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks

Definitions

  • the present invention relates to a technique for defending a communication target device against attacks made through unauthorized communication, for example, a technique for increasing resistance to a DoS (Denial of Service) attack.
  • DoS: Denial of Service
  • IPS: Intrusion Prevention System
  • a DoS attack that sends a large amount of data to a server that is an attack target is known.
  • the server to which the data is sent may not be able to withstand the load and may go down.
  • Patent Document 1 discloses a system having: a modification mode control device that is connected to a network, detects a malicious attack on the network, and transmits modification command information to the network; a proxy modification processing device that obtains the modification command information from the modification mode control device and modifies the data sent from an information processing terminal to the network according to that information; and a proxy restoration processing device that obtains the modification command information from the modification mode control device, inspects the data sent from the network to the information processing terminal for the presence or absence of modification based on that information, and executes processing according to the result.
  • in Patent Document 1, it is necessary to provide a device that detects a malicious attack on the network and transmits modification command information to the network.
  • the device must detect a malicious attack, and it is not always possible to detect the attack appropriately.
  • the present invention has been made in view of the above circumstances, and an object of the present invention is to provide a technique capable of effectively protecting a communication target device from a DoS attack.
  • the communication relay device according to one aspect is provided between a first side including the communication target device and a second side including the communication path, and relays communication between the first side and the second side.
  • it has a dummy data generator that generates dummy data based on a predetermined rule, a dummy data transmitter that transmits the dummy data to the second side, a dummy data determiner that determines whether received data received from the second side is dummy data based on the predetermined rule, and a dummy data remover that discards the received data when the received data is the dummy data.
  • FIG. 1 is a diagram illustrating a configuration of a communication system and a DoS attack according to the first embodiment.
  • FIG. 2 is a configuration diagram of a communication relay device according to the first embodiment.
  • FIG. 3 is a configuration diagram of the communication relay device according to the second embodiment.
  • FIG. 4 is a configuration diagram of the communication relay device according to the third embodiment.
  • FIG. 1 is a diagram illustrating a configuration of a communication system and a DoS attack according to the first embodiment.
  • the communication system 1 has communication nodes 21 and 22 as an example of a communication target device, and communication relay devices 100A and 100B.
  • the communication relay device 100A is provided between the communication node 21 and the communication path (network) 30. Further, the communication relay device 100B is provided between the communication node 22 and the communication path 30.
  • the communication path 30 is, for example, a communication path such as a wired LAN (Local Area Network), a wireless LAN, or the Internet.
  • the communication node 21 and the communication relay device 100A are directly connected to each other, but the present invention is not limited to this, and the communication node 21 may instead be connected via a secure communication path on the communication node 21 side.
  • the communication node 22 and the communication relay device 100B are directly connected, but the present invention is not limited to this, and the communication node 22 may instead be connected via a secure communication path on the communication node 22 side. Further, in the present embodiment, the number of communication nodes is two, but the present invention is not limited to this, and there may be three or more; in that case, a communication relay device may be provided between each communication node and the communication path 30.
  • the communication relay device 100A transmits the received data Rxd (for example, packet format) received from the communication node 21 side (first side) to the communication path 30 side (second side). Further, the communication relay device 100A generates dummy data DD (for example, packet format) and transmits it to the communication path 30. Further, the communication relay device 100A removes unnecessary data from the received data (for example, packet format) received from the communication path 30 side, and transmits the remaining data to the transmission node 21 side.
  • unnecessary data includes dummy data DD, abnormal data, and the like. The detailed configuration of the communication relay device 100A will be described later.
  • the communication relay device 100B transmits the received data received from the communication node 22 side (first side) to the communication path 30 side (second side). Further, the communication relay device 100B generates dummy data and transmits the dummy data to the communication path 30. Further, the communication relay device 100B removes unnecessary data from the received data Rxn received from the communication path 30 side, and transmits the remaining data Txd to the transmission node 22 side.
  • unnecessary data includes dummy data DD, abnormal data, and the like. The detailed configuration of the communication relay device 100B will be described later.
  • the communication node 21 can send and receive data (for example, a packet) to and from the communication node 22 via the communication path 30.
  • a case where the communication node 21 generates data to be transmitted to the communication node 22 (regular data TD) and transmits it to the communication node 22 is shown as an example. In this example, it is assumed that the communication node 21 transmits sensor data sequentially to the communication node 22.
  • the communication node 22 can send and receive data (for example, a packet) to and from the communication node 21 via the communication path 30.
  • the communication node 22 shows an example of executing, for example, a process of controlling various systems in real time based on the regular data TD transmitted from the communication node 21.
  • the transmission data Rxd transmitted from the communication node 21 to the communication relay device 100A includes the regular data TD.
  • the transmission data Txn transmitted from the communication relay device 100A to the communication path 30 includes regular data TD and dummy data DD transmitted from the communication relay device 100A. These data will be transmitted to the communication relay device 100B connected to the communication node 22 via the communication path 30.
  • the communication relay device 100B receives data via the communication path 30, removes unnecessary data from the received data, and sends the remaining data (the regular data TD, if no attack or the like has been performed) to the communication node 22.
  • the communication terminal 90 intercepts data that appears to have been transmitted from the communication node 21, specifically the data transmitted from the communication relay device 100A to the communication relay device 100B, and transmits the intercepted data to the communication node 22 as data used for a DoS attack (attack data AD).
  • the received data Rxn received by the communication relay device 100B via the communication path 30 includes the regular data TD and the dummy data DD transmitted via the communication relay device 100A, and the attack data AD from the communication terminal 90.
  • the regular data TD is transmitted to the communication node 22, and the dummy data DD is removed.
  • the communication relay device 100B can appropriately remove the attack data AD when, for example, the attack data AD uses the dummy data DD. If the attack data AD uses the regular data TD, it will be transmitted to the communication node 22 side. However, because the communication terminal 90 generates the attack data AD from the transmission data Txn of the communication relay device 100A, it cannot recognize which data is the regular data TD and therefore cannot intentionally transmit attack data AD that uses the regular data TD, so such a case is relatively unlikely to occur.
  • the dummy data DD is transmitted more than the regular data TD.
  • the ratio of the regular data TD in the transmitted data Txn can therefore be kept low, so it is very unlikely that the regular data TD is used as the attack data AD, and the above case is very unlikely to occur.
  • the communication relay devices 100A and 100B will be described in detail.
  • the communication relay devices 100A and 100B have the same configuration, and therefore, these are collectively referred to as the communication relay device 100.
  • FIG. 2 is a configuration diagram of the communication relay device according to the first embodiment.
  • the communication relay device 100 is a device classified as, for example, a firewall or an IPS, and has a generation rule storage 11 as an example of a storage unit, a dummy data generator 12, an unnecessary data remover 13 as an example of a dummy data remover, a removal rule storage 14, an unnecessary data determiner 15 as an example of a dummy data determiner, and a data transmitter 16 as an example of a dummy data transmitter.
  • Each unit 11 to 16 may be configured by a hardware circuit such as an ASIC or a dedicated circuit, or at least a part thereof may be configured by executing a program by a processor.
  • the generation rule storage 11 stores the generation rule for the dummy data to be generated.
  • the generation rule may be the plurality of types of dummy data itself to be generated, or may be a calculation formula or the like for generating a plurality of types of dummy data.
  • the production rule may be stored in the production rule storage 11 in advance, or may be set to be transmitted from an external device.
  • the generation rules in each communication relay device 100 (100A, 100B) that relays data between communication nodes are the same or adjusted so as to be the same.
  • the dummy data generator 12 generates dummy data based on the generation rule stored in the generation rule storage device 11.
  • the dummy data generator 12 sends the generated dummy data to the unnecessary data determination device 15 and the data transmitter 16.
  • the dummy data generator 12 generates dummy data so that the dummy data is transmitted at a higher frequency than the regular data transmitted by the data transmitter 16. Further, the dummy data generator 12 sequentially generates a plurality of types of dummy data.
  • since the generation rules in each communication relay device 100 (100A, 100B) that relays data between communication nodes are the same, the dummy data generated by the dummy data generator 12 of each communication relay device 100 will be the same.
  • the removal rule storage 14 stores a rule (removal rule) for removing unnecessary data.
  • the removal rule is, for example, that the destination of the data is not the connected communication target device, the source of the data is not a trusted source, and the like.
  • the removal rule is not limited to this, and may include other rules indicating that the data is invalid.
  • the unnecessary data determiner 15 determines whether the received data Rxn from the communication path 30 side is unnecessary data corresponding to the removal rule stored in the removal rule storage 14, and notifies the unnecessary data remover 13 of the determination result. Further, the unnecessary data determiner 15 stores the dummy data notified from the dummy data generator 12 (for example, the dummy data notified within a predetermined period), determines whether the received data Rxn from the communication path 30 side is unnecessary data that matches the stored dummy data, and notifies the unnecessary data remover 13 of the determination result.
  • the unnecessary data remover 13 processes the received data from the communication path 30 side based on the determination result by the unnecessary data determination device 15. Specifically, the unnecessary data remover 13 removes the received data without transmitting the received data to the communication target device side when the determination result is unnecessary data, and receives the received data when the determination result is not unnecessary data. Send data to the communication target device side.
  • the data transmitter 16 relays the data from the communication target device side to the communication path 30 side. Further, the data transmission unit 16 transmits the dummy data notified from the dummy data generator 12 to the communication path 30 side. For example, in the communication relay device 100A, the data transmitter 16 transmits dummy data to the communication node 22 to which the regular data TD of the communication node 21 is transmitted. In this embodiment, the data transmitter 16 transmits dummy data DD at a higher frequency than regular data TD.
  • the malicious communication terminal 90 cannot identify the regular data and therefore cannot intentionally create attack data AD from the regular data. Further, in the present embodiment, since the dummy data is transmitted at a higher frequency than the regular data, the possibility that attack data AD based on the regular data is generated can be reduced.
  • the unnecessary data determination device 15 determines whether or not the received data from the communication path 30 side is unnecessary data that corresponds to the removal rule and whether or not it is unnecessary data that matches the dummy data.
  • the unnecessary data remover 13 removes the received data whose determination result is unnecessary data without transmitting it to the communication target device side. Therefore, for example, when the attack data AD is attack data based on dummy data, it is appropriately removed by the unnecessary data remover 13 and does not increase the load on the communication target device. That is, it is possible to prevent a DoS attack on the communication target device.
  • the communication system according to the second embodiment is provided with a communication relay device 101 having a part of different functions in place of the communication relay device 100 in the communication system according to the first embodiment.
  • FIG. 3 is a configuration diagram of the communication relay device according to the second embodiment. Note that the same configuration as that of the communication relay device 100 according to the first embodiment is designated by the same reference numerals and duplicated description will be omitted.
  • the communication relay device 101 includes a pseudo-random number rule storage device 17, a pseudo-random number generator 18, and a timing adjuster 19 in place of the generation rule storage device 11 and the dummy data generator 12 of the communication relay device 100.
  • the pseudo-random number rule storage 17 stores a rule for generating a pseudo-random number (pseudo-random number rule).
  • the pseudo-random number rule may be a calculation formula or the like that specifies the pseudo-random number to be generated.
  • the pseudo-random number rule may be fixedly stored in the pseudo-random number rule storage 17 in advance, or may be transmitted from an external device and set.
  • the pseudo-random number rules in each communication relay device 101 that relays data between communication nodes are the same or adjusted so as to be the same.
  • the pseudo-random number generator 18 creates a pseudo-random number based on the pseudo-random number rule, and generates dummy data based on this pseudo-random number.
  • the dummy data may be a pseudo-random number itself or may include a part thereof.
  • the frequency of generating dummy data by pseudo-random numbers is higher than the frequency of transmitting regular data.
  • the timing adjuster 19 adjusts the operation timing of the pseudo-random number generator 18 so as to synchronize the operation timing of the pseudo-random number generator 18 in each communication relay device 101 that relays data between communication nodes.
  • the timing adjuster 19 uses, for example, NTP (Network Time Protocol) to set the time of the communication relay device 101 to an accurate time synchronized with the time of the other communication relay devices 101, and determines the operation timing of the pseudo-random number generator 18 according to that time, so that the operation timing of the pseudo-random number generator 18 in each communication relay device 101 is synchronized.
  • NTP: Network Time Protocol
  • the pseudo-random numbers generated by the communication relay devices 101 can thus be synchronized, that is, the pseudo-random numbers generated at a given time can be made the same, and the dummy data can be used by the unnecessary data determiner 15 to determine whether the received data is unnecessary data.
  • the communication system according to the third embodiment is provided with a communication relay device 102 having a part of different functions in place of the communication relay device 100 in the communication system according to the first embodiment.
  • FIG. 4 is a configuration diagram of the communication relay device according to the third embodiment.
  • the communication relay device 102 is a communication relay device 100 in which a function is added to the dummy data generator 12 and a duplication determination device 20 is newly provided.
  • the dummy data generator 12 also transmits the generated dummy data to the duplication determination device 20.
  • the duplication determination device 20 stores dummy data (generated dummy data) notified from the dummy data generator 12 within a predetermined period (for example, about several minutes), and refers to the received data Rxn from the communication path 30 side. Then, it is determined whether or not the data matching the generated dummy data has been received a plurality of times.
  • the predetermined period is, for example, a period in which it is guaranteed that the same dummy data will not be generated by the dummy data generator 12.
  • when the duplication determiner 20 determines that data matching the generated dummy data has been received a plurality of times, this means there is a possibility of a DoS attack, and it notifies a terminal or the like at a predetermined notification destination of that fact. This makes it possible to appropriately notify of the possibility of a DoS attack.
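
As an added example (not code from the patent or from its applicant), the following Python model combines the three embodiments above: a shared generation rule (first embodiment), realised here as a keyed hash of a time slot and an index; relays that advance the slot from a common clock, standing in for the NTP-based timing adjuster 19 (second embodiment); and a duplication count that raises an alert when the same dummy is received more than once (third embodiment). The node names, the `DummyRule` and `Relay` classes, the packet shape, the 3:1 dummy-to-regular ratio and the sensor readings are all constructed assumptions for this illustration.

```python
import hashlib
import hmac
from collections import Counter, deque
from typing import List, Optional, Tuple

# Added example, not the patent's code. Packet shape, node names and the
# keyed-hash generation rule are assumptions made for this illustration.
Packet = Tuple[str, str, bytes]  # (source node, destination node, payload)


class DummyRule:
    """Shared generation rule (generation rule storage 11 / pseudo-random number
    rule storage 17). Every relay holds the same key, so all of them derive the
    identical dummy payload for a given (time slot, index) without exchanging it."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key

    def dummy(self, slot: int, index: int) -> bytes:
        msg = slot.to_bytes(8, "big") + index.to_bytes(4, "big")
        return b"DD:" + hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16].encode()


class Relay:
    """One communication relay device (100A or 100B) between its node (first
    side) and the communication path (second side)."""

    def __init__(self, node: str, peer: str, rule: DummyRule,
                 dummies_per_regular: int = 3, window: int = 256):
        self.node, self.peer, self.rule = node, peer, rule
        self.k = dummies_per_regular                 # dummy DD is sent more often than regular TD
        self.slot: Optional[int] = None
        self.expected = deque(maxlen=window)         # dummy data kept for a predetermined period
        self.hits = Counter()                        # duplication determiner 20
        self.alerts: List[Tuple[Optional[int], bytes]] = []

    def tick(self, slot: int) -> None:
        """Timing adjuster 19: both relays move to the same slot from a common
        (e.g. NTP-disciplined) clock and generate that slot's dummy data."""
        if slot != self.slot:
            self.slot = slot
            for i in range(self.k):
                self.expected.append(self.rule.dummy(slot, i))

    def send(self, payload: bytes) -> List[Packet]:
        """Data transmitter 16: one regular packet mixed into k dummy packets."""
        burst = [(self.node, self.peer, d) for d in list(self.expected)[-self.k:]]
        burst.insert(len(burst) // 2, (self.node, self.peer, payload))
        return burst

    def receive(self, pkt: Packet) -> Optional[bytes]:
        """Unnecessary data determiner 15 and remover 13: returns the payload to
        forward to the node, or None when the packet is discarded."""
        src, dst, payload = pkt
        if dst != self.node or src != self.peer:     # removal rule 14: wrong destination or untrusted source
            return None
        if payload in self.expected:                 # matches dummy data generated under the shared rule
            self.hits[payload] += 1
            if self.hits[payload] > 1:               # same dummy seen again: possible DoS (third embodiment)
                self.alerts.append((self.slot, payload))
            return None
        return payload


def simulate(dummies_per_regular: int = 3) -> dict:
    """Constructed FIG. 1 scenario: node 21 -> 100A -> path 30 -> 100B -> node 22,
    followed by a replay of everything observable on the path toward node 22."""
    rule = DummyRule(b"constructed-shared-key")
    relay_a = Relay("node21", "node22", rule, dummies_per_regular)
    relay_b = Relay("node22", "node21", rule, dummies_per_regular)
    readings = [b"temp=21.5", b"temp=21.7", b"temp=21.6"]   # constructed sensor data TD

    delivered: List[bytes] = []
    dropped = 0
    on_path: List[Packet] = []                               # transmission data Txn as seen on the path
    for slot, reading in enumerate(readings, start=1000):
        relay_a.tick(slot)
        relay_b.tick(slot)                                   # same slot on both sides
        burst = relay_a.send(reading)
        on_path.extend(burst)
        for pkt in burst:
            out = relay_b.receive(pkt)
            if out is None:
                dropped += 1
            else:
                delivered.append(out)

    # Replayed copies of Txn (attack data AD): dummies are discarded and flagged,
    # while a replayed regular packet is indistinguishable and still passes.
    replay_dropped = replay_forwarded = 0
    for pkt in on_path:
        if relay_b.receive(pkt) is None:
            replay_dropped += 1
        else:
            replay_forwarded += 1

    stray = relay_b.receive(("node21", "node99", b"misrouted"))  # fails the removal rule

    return {"delivered": delivered, "dropped_dummies": dropped,
            "replay_dropped": replay_dropped, "replay_forwarded": replay_forwarded,
            "alerts": len(relay_b.alerts), "stray_removed": stray is None}
```

Running `simulate()` shows the property the text relies on: of the replayed traffic, the k dummy packets per reading are discarded and flagged, while the one regular packet per reading, which relay 100B has no way to tell apart, is forwarded, so the share of the replay that is blocked is k/(k+1). That is why the text sends dummy data more often than regular data. Two practical caveats follow from the model: the shared rule (here the key) must stay out of reach of anyone on the path, and the window of remembered dummy data must be longer than the replay delay, otherwise a late replay of a dummy is no longer recognised as one.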

Abstract

The objective of the present invention is to enable a communication target device to be effectively protected from DoS attacks. A communication relay apparatus 100 which is provided between a first side (communication target device side) including a communication node, and a second side (communication path side) including a communication path, and which relays communications between the communication target device side and the communication path side is configured to include: a dummy data generator 12 which generates dummy data based on a prescribed rule; a data communicator 16 which transmits the dummy data to the communication path side; an unnecessary data determiner 15 which determines whether received data Rxn received from the communication path side are the dummy data based on the prescribed rule; and an unnecessary data eliminator 13 which discards the received data Rxn if the received data Rxn are the dummy data.

Description

Communication relay device, communication system, and communication control method
The present invention relates to a technique for defending a communication target device against attacks made through unauthorized communication, for example, a technique for increasing resistance to a DoS (Denial of Service) attack.
Control systems that control equipment such as chemical plants and product assembly equipment in the manufacturing industry must maintain safe and stable operation. However, data with unauthorized contents may be sent over the control system's network with the intention of obstructing the control system's operation or causing it to operate incorrectly. As a countermeasure, a known method connects the device to be protected to the control system network through a firewall, an IPS (Intrusion Prevention System), or the like that has the ability to block such unauthorized communication.
For example, a known attack on a control system is the DoS attack, in which a large amount of data is sent to the targeted server. When a DoS attack is carried out, the server receiving the data may be unable to withstand the load and may go down.
Against such DoS attacks, Patent Document 1 discloses a system having: a modification mode control device that is connected to a network, detects a malicious attack on the network, and transmits modification command information to the network; a proxy modification processing device that obtains the modification command information from the modification mode control device and modifies the data sent from an information processing terminal to the network according to the modification command information; and a proxy restoration processing device that obtains the modification command information from the modification mode control device, inspects the data sent from the network to the information processing terminal for the presence or absence of modification based on the modification command information, and executes processing according to the presence or absence of modification.
Japanese Unexamined Patent Publication No. 2014-23136 (Patent Document 1)
However, the technology disclosed in Patent Document 1 requires a device that detects a malicious attack on the network and transmits modification command information to the network. Furthermore, that device must detect the malicious attack, and it cannot always detect an attack appropriately.
The present invention has been made in view of the above circumstances, and its object is to provide a technique capable of effectively defending a communication target device against DoS attacks.
To achieve the above object, a communication relay device according to one aspect is provided between a first side including a communication target device and a second side including a communication path, and relays communication between the first side and the second side. It has: a dummy data generator that generates dummy data based on a predetermined rule; a dummy data transmitter that transmits the dummy data to the second side; a dummy data determiner that determines whether received data received from the second side is dummy data based on the predetermined rule; and a dummy data remover that discards the received data when the received data is the dummy data.
According to the present invention, a communication target device can be effectively defended against DoS attacks.
図1は、第1実施形態に係る通信システムの構成及びDoS攻撃を説明する図である。FIG. 1 is a diagram illustrating a configuration of a communication system and a DoS attack according to the first embodiment. 図2は、第1実施形態に係る通信中継装置の構成図である。FIG. 2 is a configuration diagram of a communication relay device according to the first embodiment. 図3は、第2実施形態に係る通信中継装置の構成図である。FIG. 3 is a configuration diagram of the communication relay device according to the second embodiment. 図4は、第3実施形態に係る通信中継装置の構成図である。FIG. 4 is a configuration diagram of the communication relay device according to the third embodiment.
 いくつかの実施形態について、図面を参照して説明する。なお、以下に説明する実施形態は特許請求の範囲に係る発明を限定するものではなく、また実施形態の中で説明されている諸要素及びその組み合わせの全てが発明の解決手段に必須であるとは限らない。 Some embodiments will be described with reference to the drawings. It should be noted that the embodiments described below do not limit the invention according to the claims, and all of the elements and combinations thereof described in the embodiments are indispensable for the means for solving the invention. Is not always.
 まず、第1実施形態に係る通信システムについて説明する。 First, the communication system according to the first embodiment will be described.
 図1は、第1実施形態に係る通信システムの構成及びDoS攻撃を説明する図である。 FIG. 1 is a diagram illustrating a configuration of a communication system and a DoS attack according to the first embodiment.
 通信システム1は、通信対象デバイスの一例としての通信ノード21,22と、通信中継装置100A,100Bとを有する。通信中継装置100Aは、通信ノード21と通信路(ネットワーク)30との間に設けられている。また、通信中継装置100Bは、通信ノード22と通信路30との間に設けられている。通信路30は、例えば、有線LAN(Local Area Network)、無線LAN、インターネットなどの通信路である。なお、同図においては、通信ノード21と、通信中継装置100Aとは、直接接続されている形態となっているが、本発明はこれに限られず、通信ノード21側の安全な通信路を介して接続されている形態でもよい。また、通信ノード22と、通信中継装置100Bとは、直接接続されている形態となっているが、本発明はこれに限られず、通信ノード22側の安全な通信路を介して接続されている形態でもよい。また、本実施形態では、通信ノードを2つとしているが、本発明はこれに限られず、3つ以上であってもよく、その場合には、通信中継装置をそれぞれの通信ノードと、通信路30との間に設けるようにしてもよい。 The communication system 1 has communication nodes 21 and 22 as an example of a communication target device, and communication relay devices 100A and 100B. The communication relay device 100A is provided between the communication node 21 and the communication path (network) 30. Further, the communication relay device 100B is provided between the communication node 22 and the communication path 30. The communication path 30 is, for example, a communication path such as a wired LAN (Local Area Network), a wireless LAN, or the Internet. In the figure, the communication node 21 and the communication relay device 100A are directly connected to each other, but the present invention is not limited to this, and the communication node 21 is connected via a secure communication path on the communication node 21 side. It may be in the form of being connected. Further, the communication node 22 and the communication relay device 100B are directly connected, but the present invention is not limited to this, and the communication node 22 is connected via a secure communication path on the communication node 22 side. It may be in the form. Further, in the present embodiment, the number of communication nodes is two, but the present invention is not limited to this, and the number may be three or more. In that case, the communication relay device is used as each communication node and the communication path. It may be provided between 30 and 30.
 通信中継装置100Aは、通信ノード21側(第1側)から受信した受信データRxd(例えば、パケット形式)を、通信路30側(第2側)へ送信する。また、通信中継装置100Aは、ダミーデータDD(例えば、パケット形式)を生成して、通信路30に送信する。また、通信中継装置100Aは、通信路30側から受信した受信データ(例えば、パケット形式)について、不要なデータを除去し、残ったデータを送信ノード21側に送信する。ここで、不要なデータは、ダミーデータDDや、異常なデータ等を含む。なお、通信中継装置100Aの詳細な構成等については後述する。 The communication relay device 100A transmits the received data Rxd (for example, packet format) received from the communication node 21 side (first side) to the communication path 30 side (second side). Further, the communication relay device 100A generates dummy data DD (for example, packet format) and transmits it to the communication path 30. Further, the communication relay device 100A removes unnecessary data from the received data (for example, packet format) received from the communication path 30 side, and transmits the remaining data to the transmission node 21 side. Here, unnecessary data includes dummy data DD, abnormal data, and the like. The detailed configuration of the communication relay device 100A will be described later.
 通信中継装置100Bは、通信ノード22側(第1側)から受信した受信データを、通信路30側(第2側)へ送信する。また、通信中継装置100Bは、ダミーデータを生成して、通信路30に送信する。また、通信中継装置100Bは、通信路30側から受信した受信データRxnについて、不要なデータを除去し、残ったデータTxdを送信ノード22側に送信する。ここで、不要なデータは、ダミーデータDDや、異常なデータ等を含む。なお、通信中継装置100Bの詳細な構成等については後述する。 The communication relay device 100B transmits the received data received from the communication node 22 side (first side) to the communication path 30 side (second side). Further, the communication relay device 100B generates dummy data and transmits the dummy data to the communication path 30. Further, the communication relay device 100B removes unnecessary data from the received data Rxn received from the communication path 30 side, and transmits the remaining data Txd to the transmission node 22 side. Here, unnecessary data includes dummy data DD, abnormal data, and the like. The detailed configuration of the communication relay device 100B will be described later.
The communication node 21 can transmit and receive data (for example, packets) to and from the communication node 22 via the communication path 30. The figure shows, as an example, the case in which the communication node 21 generates data to be transmitted to the communication node 22 (regular data TD) and transmits it to the communication node 22. In this example, the communication node 21 is assumed to transmit sensor data to the communication node 22 sequentially.
The communication node 22 can transmit and receive data (for example, packets) to and from the communication node 21 via the communication path 30. The figure shows an example in which the communication node 22 executes, for example, processing that controls various systems in real time on the basis of the regular data TD transmitted from the communication node 21.
In the example of the figure, the transmission data Rxd transmitted from the communication node 21 to the communication relay device 100A contains the regular data TD.
The transmission data Txn transmitted from the communication relay device 100A to the communication path 30 contains the regular data TD and the dummy data DD transmitted by the communication relay device 100A. These data are transmitted via the communication path 30 to the communication relay device 100B connected to the communication node 22.
The communication relay device 100B receives data via the communication path 30, removes unnecessary data from the received data, and transmits the remaining data (the regular data TD, when no attack or the like is taking place) to the communication node 22.
A case is now described in which a communication terminal 90 of a malicious party launches a DoS attack aimed at causing the communication node 22 to malfunction or the like.
The communication terminal 90 intercepts data believed to be transmitted from the communication node 21, specifically data transmitted from the communication relay device 100A to the communication relay device 100B, and transmits the intercepted data to the communication node 22 as data used for the DoS attack (attack data AD).
In this case, the received data Rxn that the communication relay device 100B receives via the communication path 30 contains the regular data TD and dummy data DD transmitted via the communication relay device 100A together with the attack data AD from the communication terminal 90.
Of the received data Rxn, the communication relay device 100B transmits the regular data TD to the communication node 22 and removes the dummy data DD.
As for the attack data AD, the communication relay device 100B can appropriately remove, for example, any part of the attack data AD that reuses dummy data DD. Attack data AD that reuses regular data TD would, however, be transmitted to the communication node 22 side. Because the communication terminal 90 generates the attack data AD from the transmission data Txn of the communication relay device 100A, it cannot recognize which data is the regular data TD and therefore cannot deliberately transmit attack data AD built from regular data TD, so such a case is comparatively unlikely. Moreover, in the present embodiment more dummy data DD is transmitted than regular data TD, so the proportion of regular data TD in the transmission data Txn is kept low; the probability that regular data TD is used as attack data AD becomes very low, and the case described above occurs very rarely.
Therefore, the amount of unauthorized data transmitted to the communication node 22 via the communication relay device 100B can be suppressed, and a situation in which the communication node 22 goes down can be appropriately prevented.
Next, the communication relay devices 100A and 100B are described in detail. In the present embodiment the communication relay devices 100A and 100B have the same configuration, so they are collectively described as the communication relay device 100.
FIG. 2 is a configuration diagram of the communication relay device according to the first embodiment.
The communication relay device 100 is a device classified as, for example, a firewall or an IPS, and includes a generation rule storage 11 as an example of a storage unit, a dummy data generator 12, an unnecessary data remover 13 as an example of a dummy data remover, a removal rule storage 14, an unnecessary data determiner 15 as an example of a dummy data determiner, and a data transmitter 16 as an example of a dummy data transmitter. Each of the units 11 to 16 may be implemented as a hardware circuit such as an ASIC or a dedicated circuit, or at least some of them may be implemented by a processor executing a program.
The generation rule storage 11 stores the generation rule for the dummy data to be generated. The generation rule may be the plurality of types of dummy data themselves, or a calculation formula or the like for generating the plurality of types of dummy data. The generation rule may be stored in the generation rule storage 11 in advance, or may be one transmitted from an external device and set. The generation rules of the communication relay devices 100 (100A, 100B) that relay data between the communication nodes are identical, or are adjusted to be identical.
The dummy data generator 12 generates dummy data on the basis of the generation rule stored in the generation rule storage 11 and sends the generated dummy data to the unnecessary data determiner 15 and the data transmitter 16. In the present embodiment, the dummy data generator 12 generates dummy data such that dummy data is transmitted more frequently than the regular data transmitted by the data transmitter 16. The dummy data generator 12 also generates a plurality of types of dummy data in sequence. As described above, the generation rules of the communication relay devices 100 (100A, 100B) that relay data between the communication nodes are identical, so the dummy data generated by the dummy data generator 12 of each communication relay device 100 is the same.
The removal rule storage 14 stores rules for removing unnecessary data (removal rules). Removal rules are, for example, that the destination of the data is not the connected communication target device, or that the source of the data is not a trusted source. The removal rules are not limited to these and may include other rules indicating that data is unauthorized.
The unnecessary data determiner 15 determines whether received data Rxn from the communication path 30 side is unnecessary data matching a removal rule stored in the removal rule storage 14, and notifies the unnecessary data remover 13 of the result. The unnecessary data determiner 15 also stores the dummy data notified by the dummy data generator 12 (for example, the dummy data notified within a predetermined period), determines whether received data Rxn from the communication path 30 side is unnecessary data that matches the stored dummy data, and notifies the unnecessary data remover 13 of the result.
The unnecessary data remover 13 processes received data from the communication path 30 side on the basis of the determination result of the unnecessary data determiner 15. Specifically, when the determination result is that the data is unnecessary, the unnecessary data remover 13 removes the received data without transmitting it to the communication target device side; otherwise it transmits the received data to the communication target device side.
The data transmitter 16 relays data from the communication target device side to the communication path 30 side. The data transmitter 16 also transmits the dummy data notified by the dummy data generator 12 to the communication path 30 side. For example, in the communication relay device 100A, the data transmitter 16 transmits the dummy data addressed to the communication node 22, the destination of the regular data TD of the communication node 21. In the present embodiment, the data transmitter 16 transmits the dummy data DD more frequently than the regular data TD.
In the communication relay device 100, the data transmitter 16 transmits dummy data together with the regular data to the communication path 30 side, so the malicious party's communication terminal 90 cannot identify the regular data and cannot deliberately create attack data AD from regular data. Further, since in the present embodiment the dummy data is transmitted more frequently than the regular data, the likelihood that attack data AD based on regular data is generated can be reduced.
Further, in the communication relay device 100, the unnecessary data determiner 15 determines whether received data from the communication path 30 side is unnecessary data matching a removal rule and whether it is unnecessary data matching the dummy data, and the unnecessary data remover 13 removes received data determined to be unnecessary without transmitting it to the communication target device side. Therefore, when the attack data AD is, for example, attack data based on dummy data, it is appropriately removed by the unnecessary data remover 13 and does not increase the load on the communication target device. That is, a DoS attack on the communication target device can be prevented.
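The following is an added simulation of the first embodiment (example code written for this page, not the applicant's implementation): two relays sharing a cyclic generation rule, a terminal that replays everything it observed on the path, and the receiving relay's removal rules and dummy match. The rule contents, the 4:1 dummy ratio, the node names and the trusted-source lists are all constructed assumptions.

```python
from collections import Counter, deque
from dataclasses import dataclass
from itertools import cycle

# Constructed example rule: a fixed list of dummy payloads that every relay
# cycles through in the same order (the plural types of claim 2). A real rule
# would be larger and known only to the relays.
GENERATION_RULE = [b"DUMMY-%02d" % i for i in range(8)]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


class Relay:
    """Model of relay device 100: generator 12, transmitter 16, determiner 15, remover 13."""

    def __init__(self, name, protected_node, peer_node, trusted_sources,
                 dummy_ratio=4, memory=64):
        self.name = name
        self.node = protected_node            # communication target device (first side)
        self.peer = peer_node                 # node the regular data is addressed to
        self.trusted = set(trusted_sources)   # removal rule 14: source must be trusted
        self.dummy_ratio = dummy_ratio        # dummies sent per regular packet (> 1)
        self._generator = cycle(GENERATION_RULE)
        self.recent_dummies = deque(maxlen=memory)   # what determiner 15 remembers
        self.dropped = Counter()              # reason -> count, kept by remover 13

    def next_dummy(self):
        """Generator 12: emit the next dummy under the shared rule and remember it."""
        payload = next(self._generator)
        self.recent_dummies.append(payload)
        return payload

    def transmit(self, regular):
        """Transmitter 16: put one regular packet on the path with dummy_ratio dummies."""
        out = [Packet(self.name, self.peer, self.next_dummy())
               for _ in range(self.dummy_ratio)]
        out.append(regular)
        return out

    def classify(self, pkt):
        """Determiner 15: return the removal reason, or None if the packet is forwarded."""
        if pkt.dst != self.node:
            return "wrong-destination"
        if pkt.src not in self.trusted:
            return "untrusted-source"
        if pkt.payload in self.recent_dummies:
            return "dummy"
        return None

    def receive(self, pkt):
        """Remover 13: forward to the protected node, or drop and return None."""
        reason = self.classify(pkt)
        if reason is not None:
            self.dropped[reason] += 1
            return None
        return pkt


def simulate(n_regular=5):
    """Figure 1 scenario: node 21 -> relay A -> path 30 (with terminal 90) -> relay B -> node 22."""
    relay_a = Relay("relay100A", "node21", "node22", trusted_sources={"node22", "relay100B"})
    relay_b = Relay("relay100B", "node22", "node21", trusted_sources={"node21", "relay100A"})

    txn = []   # everything relay A puts on the communication path
    for i in range(n_regular):
        regular = Packet("node21", "node22", b"SENSOR-%d" % i)
        txn.extend(relay_a.transmit(regular))
        # Relay B's own generator runs under the identical rule, so its
        # determiner learns the same dummies that relay A is sending.
        for _ in range(relay_a.dummy_ratio):
            relay_b.next_dummy()

    # Terminal 90 cannot tell dummy from regular data, so its attack data is a
    # copy of everything it observed; two extra packets exercise the removal rules.
    attack = [Packet(p.src, p.dst, p.payload) for p in txn]
    attack.append(Packet("terminal90", "node22", b"SENSOR-0"))
    attack.append(Packet("node21", "node99", b"SENSOR-0"))

    delivered = [p for p in txn + attack if relay_b.receive(p) is not None]
    return {
        "on_wire": len(txn),
        "attack_packets": len(attack),
        "delivered": len(delivered),
        "delivered_dummy": sum(p.payload in GENERATION_RULE for p in delivered),
        "dropped": dict(relay_b.dropped),
    }


if __name__ == "__main__":
    print(simulate())
```

Only the replayed regular packets reach node 22, which is exactly the residual case the description concedes; raising the dummy ratio shrinks that share further.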
Next, the communication system according to the second embodiment is described.
The communication system according to the second embodiment is the communication system of the first embodiment with the communication relay device 100 replaced by a communication relay device 101 that differs in some of its functions.
Next, the communication relay device 101 according to the second embodiment is described.
FIG. 3 is a configuration diagram of the communication relay device according to the second embodiment. Components that are the same as in the communication relay device 100 of the first embodiment carry the same reference numerals, and their description is not repeated.
The communication relay device 101 includes a pseudo-random number rule storage 17, a pseudo-random number generator 18, and a timing adjuster 19 in place of the generation rule storage 11 and the dummy data generator 12 of the communication relay device 100.
The pseudo-random number rule storage 17 stores a rule for generating pseudo-random numbers (pseudo-random number rule). The pseudo-random number rule may be, for example, a calculation formula that specifies the pseudo-random numbers to be generated. It may be fixedly stored in the pseudo-random number rule storage 17 in advance, or may be transmitted from an external device and set. The pseudo-random number rules of the communication relay devices 101 that relay data between the communication nodes are identical, or are adjusted to be identical.
The pseudo-random number generator 18 creates pseudo-random numbers on the basis of the pseudo-random number rule and generates dummy data on the basis of these pseudo-random numbers. The dummy data may be the pseudo-random number itself or may contain it as a part. In the present embodiment, dummy data is generated from pseudo-random numbers more frequently than regular data is transmitted.
The timing adjuster 19 adjusts the operation timing of the pseudo-random number generator 18 so that the operation timing of the pseudo-random number generators 18 of the communication relay devices 101 that relay data between the communication nodes is synchronized. For example, the timing adjuster 19 uses NTP (Network Time Protocol) to set the clock of the communication relay device 101 to the accurate time, thereby synchronizing it with the clocks of the other communication relay devices 101, and determines the operation timing of the pseudo-random number generator 18 from that time, so that the operation timing of the pseudo-random number generator 18 is synchronized across the communication relay devices 101. As a result, the pseudo-random numbers generated by the communication relay devices 101 are synchronized, that is, the pseudo-random numbers generated at a given time are the same, and they can be used by the unnecessary data determiner 15 to determine whether received data is dummy data to be discarded.
Next, the communication system according to the third embodiment is described.
The communication system according to the third embodiment is the communication system of the first embodiment with the communication relay device 100 replaced by a communication relay device 102 that differs in some of its functions.
Next, the communication relay device 102 according to the third embodiment is described.
FIG. 4 is a configuration diagram of the communication relay device according to the third embodiment.
The communication relay device 102 is the communication relay device 100 with a function added to the dummy data generator 12 and with a newly provided duplication determiner 20.
The dummy data generator 12 also sends the generated dummy data to the duplication determiner 20.
The duplication determiner 20 stores the dummy data notified by the dummy data generator 12 within a predetermined period (for example, about several minutes) as generated dummy data, refers to the received data Rxn from the communication path 30 side, and determines whether data matching the generated dummy data has been received more than once. The predetermined period is, for example, a period during which it is guaranteed that the dummy data generator 12 does not generate the same dummy data twice. When the duplication determiner 20 determines that data matching the generated dummy data has been received more than once, it notifies a predetermined notification destination, such as a terminal, that data matching the generated dummy data has been received more than once, that is, that a DoS attack may be in progress. This makes it possible to appropriately report a possible DoS attack.
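The following added example (written for this page, not the applicant's code) models the time-synchronized pseudo-random generator of the second embodiment together with the duplication determiner 20 described just above. Deriving each slot's dummy with an HMAC over a shared key and the slot index, the slot length, the retention window, the alert threshold and the key value are all my assumptions; the patent only requires that the rule be identical on every relay and that the clocks be synchronized.

```python
import hashlib
import hmac
from collections import Counter

# Constructed example values (not from the patent): the shared pseudo-random
# rule is an HMAC key plus a slot length. Each relay derives the dummy for a
# time slot from the key and the slot index, so relays whose clocks are
# synchronized (NTP in the text) produce identical dummies without exchanging them.
RULE_KEY = b"example-shared-rule-key"
SLOT_SECONDS = 2


def slot_index(now: float) -> int:
    """Timing adjuster 19: map synchronized wall-clock time to a generator slot."""
    return int(now // SLOT_SECONDS)


def dummy_for_slot(key: bytes, slot: int) -> bytes:
    """Pseudo-random number generator 18: deterministic 16-byte dummy for one slot."""
    return hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()[:16]


class SyncedDuplicateDetector:
    """Determiner 15 plus duplication determiner 20 inside the receiving relay.

    The retention window is the period in which the generator is assumed never
    to repeat a dummy; a dummy seen `threshold` or more times inside it is
    reported as a possible DoS attack."""

    def __init__(self, key: bytes, window_slots: int = 5, lookahead: int = 1,
                 threshold: int = 2):
        self.key = key
        self.window_slots = window_slots   # past slots whose dummies are still remembered
        self.lookahead = lookahead         # future slots tolerated for peer clock skew
        self.threshold = threshold
        self.seen = Counter()              # dummy payload -> times received in window
        self.alerts = []                   # (slot, dummy hex) notifications sent

    def generated_dummies(self, now: float) -> set:
        cur = slot_index(now)
        slots = range(cur - self.window_slots + 1, cur + self.lookahead + 1)
        return {dummy_for_slot(self.key, s) for s in slots}

    def observe(self, payload: bytes, now: float) -> str:
        """Classify one received payload: 'forward', 'dummy' or 'dummy-replay'."""
        window = self.generated_dummies(now)
        for stale in [d for d in self.seen if d not in window]:
            del self.seen[stale]           # counts age out with the retention window
        if payload not in window:
            return "forward"               # not dummy data: left to the removal rules
        self.seen[payload] += 1
        if self.seen[payload] >= self.threshold:
            self.alerts.append((slot_index(now), payload.hex()))
            return "dummy-replay"
        return "dummy"


def scenario():
    """Relay A and relay B share RULE_KEY; terminal 90 replays one dummy it observed."""
    t = 1_000_000.0
    detector = SyncedDuplicateDetector(RULE_KEY)          # inside relay B
    dd = dummy_for_slot(RULE_KEY, slot_index(t))          # what relay A sends in this slot
    results = [
        detector.observe(dd, t + 0.1),                    # genuine arrival: dummy, dropped
        detector.observe(b"SENSOR-0", t + 0.2),           # regular data: forwarded
        detector.observe(dd, t + 0.5),                    # replay: second sighting, alert
        detector.observe(dd, t + 0.6),                    # replay again: alert
    ]
    # A dummy from a slot outside the retention window is no longer recognized,
    # so the window must exceed the replay delay the deployment has to absorb.
    stale = dummy_for_slot(RULE_KEY, slot_index(t) - 50)
    results.append(detector.observe(stale, t + 0.7))      # forwarded
    return results, len(detector.alerts)


if __name__ == "__main__":
    print(scenario())
```

The last observation shows the operational caveat: a dummy replayed after the retention period looks like ordinary data to the dummy match, so the window, clock accuracy and removal rules have to be sized together.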
The present invention is not limited to the embodiments described above and may be modified as appropriate without departing from its spirit.
For example, the embodiments above show regular data being transmitted from the communication node 21 to the communication node 22, but the present invention is not limited to this and can equally be applied when regular data is transmitted from the communication node 22 to the communication node 21.
Further, the embodiments above show regular data being transmitted sequentially from the communication node 21, but the present invention is not limited to this and can also be applied to data other than sequentially transmitted data, for example data transmitted at an arbitrary point in time.
1: communication system; 11: generation rule storage; 12: dummy data generator; 13: unnecessary data remover; 14: removal rule storage; 15: unnecessary data determiner; 16: data transmitter; 17: pseudo-random number rule storage; 18: pseudo-random number generator; 19: timing adjuster; 20: duplication determiner; 21, 22: communication nodes; 30: communication path; 90: communication terminal; 100, 100A, 100B, 101, 102: communication relay devices

Claims (10)

  1.  A communication relay device provided between a first side including a communication target device and a second side including a communication path, for relaying communication between the first side and the second side, the communication relay device comprising:
     a dummy data generator that generates dummy data based on a predetermined rule;
     a dummy data transmitter that transmits the dummy data to the second side;
     a dummy data determiner that determines whether received data received from the second side is dummy data based on the predetermined rule; and
     a dummy data remover that discards the received data when the received data is the dummy data.
  2.  The communication relay device according to claim 1, wherein the dummy data generator is capable of generating a plurality of types of dummy data and generates dummy data by switching sequentially among the plurality of types.
  3.  The communication relay device according to claim 1, further comprising a storage unit that stores the predetermined rule.
  4.  The communication relay device according to claim 3, wherein the predetermined rule is received from an external device and set in the storage unit.
  5.  The communication relay device according to claim 1, wherein the dummy data generator generates the dummy data using pseudo-random numbers.
  6.  The communication relay device according to claim 5, wherein another communication relay device is provided between another communication target device that communicates with the communication target device and the communication path, and
     the dummy data generator generates the pseudo-random numbers in synchronization with the other communication relay device and generates the dummy data therefrom.
  7.  The communication relay device according to claim 1, further comprising a duplication determiner that determines whether received data matching generated dummy data, being the dummy data generated within a predetermined period, has been received a plurality of times, and, when received data matching the generated dummy data has been received a plurality of times, notifies a predetermined notification destination to that effect.
  8.  The communication relay device according to claim 1, wherein the communication target device is a device that sequentially transmits regular data in a predetermined format, and
     the dummy data transmitter transmits the dummy data at a frequency higher than the transmission frequency of the regular data.
  9.  A communication system in which a source device and a destination device are connected via a communication path, the communication system comprising:
     a first communication relay device connected between the source device and the communication path, and a second communication relay device connected between the communication path and the destination device,
     wherein the first communication relay device includes a dummy data generator that generates dummy data based on a predetermined rule, and a dummy data transmitter that transmits the dummy data to the communication path, and
     the second communication relay device includes a dummy data determiner that determines whether received data received from the communication path is dummy data based on the predetermined rule, and a dummy data remover that discards the received data when the received data is the dummy data.
  10.  A communication control method for controlling communication between a first side including a communication target device and a second side including a communication path, the method comprising:
     generating dummy data based on a predetermined rule and transmitting the dummy data to the second side; and
     determining whether received data received from the second side is dummy data based on the predetermined rule, and discarding the received data when the received data is the dummy data.


PCT/JP2020/031108 2020-03-17 2020-08-18 Communication relay apparatus, communication system, and communication control method WO2021186761A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2020-046411 2020-03-17
JP2020046411A JP2021150712A (en) 2020-03-17 2020-03-17 Communication relay device, communication system, and communication control method

Publications (1)

Publication Number Publication Date
WO2021186761A1 true WO2021186761A1 (en) 2021-09-23

Family

ID=77768154

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/031108 WO2021186761A1 (en) 2020-03-17 2020-08-18 Communication relay apparatus, communication system, and communication control method

Country Status (2)

Country Link
JP (1) JP2021150712A (en)
WO (1) WO2021186761A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20925987; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20925987; Country of ref document: EP; Kind code of ref document: A1)