WO2023089783A1 - Control device and control method - Google Patents

Control device and control method Download PDF

Info

Publication number
WO2023089783A1
WO2023089783A1 PCT/JP2021/042643 JP2021042643W WO2023089783A1 WO 2023089783 A1 WO2023089783 A1 WO 2023089783A1 JP 2021042643 W JP2021042643 W JP 2021042643W WO 2023089783 A1 WO2023089783 A1 WO 2023089783A1
Authority
WO
WIPO (PCT)
Prior art keywords
physical state
control device
electronic component
period
during
Prior art date
Application number
PCT/JP2021/042643
Other languages
French (fr)
Japanese (ja)
Inventor
数哉 五嶋
Original Assignee
ファナック株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ファナック株式会社 filed Critical ファナック株式会社
Priority to PCT/JP2021/042643 priority Critical patent/WO2023089783A1/en
Publication of WO2023089783A1 publication Critical patent/WO2023089783A1/en

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Definitions

  • the present invention relates to a control device and control method.
  • control device of the present disclosure is a control device that controls an industrial machine and is connectable to an external device, comprising: a measurement unit that measures the physical state of at least one electronic component at a measurement interval; a recording unit that records the physical state of the electronic component as a model waveform in association with the measurement period during each period during which each of the above arbitrary operation programs is executed and during standby; and each of the two or more arbitrary operation programs is executed or during the standby, the physical state of the electronic component measured by the measurement unit in association with the measurement period, and the arbitrary operation program being executed or the model corresponding to the standby
  • the absolute value of the difference between the physical state of the waveform and the physical state corresponding to the measurement period in which the physical state is measured is added every predetermined period of time during the execution of the arbitrary operation program or during the standby period to prevent excessive load on the resource. and a detection unit that determines whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that interferes with the operation of the control device and the network
  • One aspect of the control method of the present disclosure is a control method for an industrial machine by a control device connectable to an external device, comprising: a measurement step of measuring the physical state of at least one electronic component at a measurement cycle; a recording step of recording the physical state of the electronic component as a model waveform in association with the measurement period during each period during which one or more arbitrary operation programs are executed and during standby; and the two or more arbitrary operation programs.
  • FIG. 10 is a diagram showing an example of current consumption of a CPU when an unauthorized access such as a DoS attack is received during execution of a processing program; 4 is a flowchart for explaining detection processing of a numerical control device;
  • FIG. 1 is a diagram illustrating a functional configuration example of a control system according to one embodiment.
  • a machine tool is exemplified as an industrial machine
  • a numerical controller is exemplified as a controller.
  • the present invention is not limited to machine tools and numerical control devices, but is also applicable to industrial machines such as injection molding machines, industrial robots, and service robots, and robot control devices that control industrial robots and the like. It is possible.
  • a machining program for causing a numerical control device to operate a machine tool will be exemplified as an operation program, but the same applies to a robot program for causing a robot control device to operate an industrial robot or the like. As shown in FIG.
  • the control system 1 includes a numerical control device 10 and a network 20. As shown in FIG.
  • the numerical controller 10 is connected to a network 20 such as a LAN (Local Area Network) or the Internet.
  • the numerical controller 10 has an external I/F (Interface) 11, which will be described later, for communicating with the network 20 through such connection.
  • I/F Interface
  • the numerical control device 10 is a numerical control device known to those skilled in the art, for example, generates commands based on a machining program obtained in advance from a CAD/CAM device (not shown) and outputs the generated commands to a machine tool (not shown). do. Thereby, the numerical controller 10 controls the operation of the machine tool (not shown). If the machine tool (not shown) is a robot or the like, the numerical controller 10 may be a robot controller or the like. As shown in FIG. 1, the numerical controller 10 includes an external I/F 11, a memory 12, a CPU (Central Processing Unit) 13, an ASIC (Application Specific Integrated Circuit) 14, and power supplies 21-24.
  • CPU Central Processing Unit
  • ASIC Application Specific Integrated Circuit
  • the external I/F 11 is, for example, a known network interface, and performs asynchronous communication with the network 20, such as collecting data such as the operation status of machine tools (not shown) and alarms/warnings.
  • the memory 12 is a storage unit such as ROM (Read Only Memory), RAM (Random Access Memory), HDD (Hard Disk Drive).
  • the memory 12 stores an operating system and application programs executed by a CPU 13, which will be described later, processing programs, and the like.
  • the memory 12 stores two or more arbitrary data in a normal state without unauthorized access that imposes an excessive load on resources such as a DoS attack and interferes with the operation of the numerical controller 10 and the network 20.
  • unauthorized access such as a DoS attack that imposes an excessive load on resources and interferes with the operation of the numerical controller 10 or the network 20
  • unauthorized access such as a DoS attack.
  • the CPU 13 is a known processor that controls the numerical controller 10 as a whole.
  • the CPU 13 reads the system program and application program stored in the memory 12 through the bus and controls the entire numerical controller 10 according to the system program and application program. Thereby, as shown in FIG. 2, the CPU 13 is configured to realize the functions of the measurement section 130, the detection section 131, and the operation control section 132.
  • FIG. 2 the CPU 13 is configured to realize the functions of the measurement section 130, the detection section 131, and the operation control section 132.
  • the measurement unit 130 measures the physical state of at least one electronic component at sampling intervals.
  • the CPU 13 is used as an electronic component, and the current consumption of the CPU 13 is used as the physical state of the electronic component.
  • the physical states of electronic components such as the external I/F 11, the memory 12, the ASIC 14, and the power consumption and junction temperature of the electronic components can be applied in the same manner as the current consumption of the CPU 13. .
  • the measurement unit 130 measures the current consumption of the CPU 13 during the period when the machining programs A and B are executed and during standby using, for example, an ammeter (not shown) arranged in the power supply 23 to be described later. It is measured as a physical state at the sampling period.
  • the measurement unit 130 outputs the measured current consumption of the CPU 13 to the detection unit 131 which will be described later.
  • FIG. 3 is a diagram showing an example of current consumption of the CPU 13 during the period when the machining programs A and B are executed and during standby.
  • the numerical controller 10 repeatedly executes a machining program A on a machine tool (not shown), and then switches from machining program A to machining program B during standby. , the machining program B is repeatedly executed.
  • the current consumption of the CPU 13 repeats time fluctuations according to the operation contents of the machining programs A and B in the normal state. Therefore, the measurement unit 130 measures in advance the current consumption of the CPU 13 at sampling intervals during the execution time of each of the machining programs A and B in a normal state, and saves the model waveform of the execution time of each of the machining programs A and B in the memory 12 in advance.
  • the numerical control unit 10 executes a program serving as a base such as an operating system such as exchanging a workpiece to be machined. Therefore, the measurement unit 130 may measure the current consumption of the CPU 13 in standby in advance at sampling intervals, and record the model waveform of the current consumption of the CPU 13 in standby in the memory 12 .
  • the measurement unit 130 may measure the current consumption of the external I/F 11, the memory 12, and the ASIC 14, which will be described later, at sampling intervals using ammeters (not shown) arranged in the respective power supplies 21, 22, and 24, which will be described later. good.
  • the detection unit 131 detects the physical state of the electronic component measured in association with the sampling period by the measurement unit 130 during the period when each of two or more arbitrary machining programs is executed or during standby, and the arbitrary machining being executed.
  • the absolute value of the difference between the model waveform corresponding to the program or the standby state and the physical state corresponding to the measurement period at which the physical state was measured is added every certain period during the execution period of the arbitrary machining program or during the standby period. , and a predetermined determination threshold against unauthorized access such as a DoS attack has exceeded.
  • movement of the detection part 131 when the machining program A is performed is demonstrated.
  • the operation of the detection unit 131 when the machining program B is being executed and during standby is the same as when the machining program A is being executed, and detailed description thereof will be omitted.
  • FIG. 4 is a diagram showing an example of the current consumption of the CPU 13 when it is subjected to unauthorized access such as a DoS attack while the processing program A is being executed.
  • the upper part of FIG. 4 shows the consumption current of the CPU 13 measured in association with the sampling period.
  • the model waveform of the current consumption of the CPU 13 in the normal state during the execution time of the machining program A is indicated by a dashed line
  • the current consumption of the CPU 13 in the normal state is indicated by a dashed line.
  • a solid line indicates the current consumption of the CPU 13 when the CPU 13 is connected.
  • the vertical axis indicates current consumption of the CPU 13, and the horizontal axis indicates time.
  • FIG. 4 shows a case where unauthorized access such as a DoS attack is received during the execution time (processing time) of processing program A in the center.
  • the detection unit 131 acquires the model waveform of the current consumption of the CPU 13 of the machining program A from the memory 12 . As shown in the lower part of FIG. 4, the detection unit 131 detects the consumption current of the CPU 13 measured by the measurement unit 130 in association with the sampling period, and the current consumption of the obtained model waveform of the execution time of the machining program A. The absolute value of the difference between the current consumption corresponding to the measured sampling cycle and the absolute value of the difference is added every fixed period T of the execution time (machining time) of the machining program A. That is, when the numerical controller 10 is subjected to unauthorized access such as a DoS attack, the processing load on the CPU 13 increases and the current consumption of the CPU 13 changes.
  • the detection unit 131 measures the current consumption of the model waveform (normal state) of the execution time of the processing program A. Calculate the difference from the current consumption. Note that the detection unit 131 resets the addition time and the addition value to "0" each time the fixed period T is reached. By doing so, the detection unit 131 can prevent erroneous determination due to addition of minute errors.
  • the detection unit 131 determines whether or not the added value exceeds a predetermined determination threshold ⁇ against unauthorized access such as a DoS attack.
  • the detection unit 131 determines that the numerical control device 10 has been subjected to unauthorized access such as a DoS attack when the added value exceeds the determination threshold ⁇ . For example, during the execution time (machining time) of the next machining program shown in FIG. As the current consumption increases, the added value exceeds the determination threshold ⁇ . As a result, the detection unit 131 determines that the numerical control device 10 is under unauthorized access such as a DoS attack.
  • the detection unit 131 can determine that the numerical control device 10 has been subjected to unauthorized access such as a DoS attack. Also, even if the numerical controller 10 receives excessive access for a period shorter than the execution time (processing time), the processing load on the CPU 13 increases, and the current consumption of the CPU 13 increases (or decreases) primarily. Therefore, the added value exceeds the determination threshold ⁇ . Accordingly, the detection unit 131 can determine that the numerical controller 10 is being accessed illegally such as by a DoS attack.
  • the determination threshold value ⁇ and the value of the fixed period T are determined so that the detection unit 131 does not determine normal asynchronous communication as unauthorized access such as a DoS attack during the execution time or standby of the processing programs A and B. is preferred.
  • the motion control unit 132 generates a command based on a machining program and outputs the generated command to a machine tool (not shown). from the network 20. Then, the operation control unit 132 may stop the processing program and record in the memory 12 a log indicating that an unauthorized access such as a DoS attack has been detected. Further, the operation control unit 132 may display (notify) a message or the like indicating that the unauthorized access has been detected on a display unit such as a liquid crystal display included in the numerical control device 10 or the machine tool (not shown).
  • the ASIC 14 is an application-specific integrated circuit, and performs specific processing in the numerical controller 10, for example.
  • the power supplies 21 to 24 supply power to the external I/F 11, memory 12, CPU 13, and ASIC 14, respectively.
  • the power supplies 21 to 24 may include ammeters (not shown) for measuring current consumption, and may output the measured current consumption to the measuring section 130 .
  • FIG. 5 is a flowchart for explaining detection processing of the numerical controller 10. As shown in FIG. The flow shown here is repeatedly executed each time the machining program is executed.
  • step S1 the measurement unit 130 uses an ammeter (not shown) arranged in the power supply 23 to measure the execution time of the machining programs A and B or current consumption during standby at sampling intervals.
  • step S2 the detection unit 131 acquires from the memory 12 the machining programs A and B that are being executed or the model waveform that is waiting.
  • step S3 the detection unit 131 detects the current consumption of the CPU 13 measured in association with the sampling period in step S1, and the sampling period in which the current consumption in the model waveform acquired from the memory 12 in step S2 is measured in step S1. Add the absolute value of the difference between the consumption current corresponding to
  • step S4 the detection unit 131 determines whether or not the added value added in step S3 has exceeded the determination threshold ⁇ . If the added value exceeds the determination threshold ⁇ , the process proceeds to step S8. On the other hand, if the added value is equal to or less than the determination threshold ⁇ , the process proceeds to step S5.
  • step S5 the detection unit 131 determines that there is no unauthorized access such as a DoS attack.
  • step S6 the detection unit 131 determines whether or not the added time is longer than or equal to the fixed period T, and if the added time is longer than or equal to the fixed period T, resets the added time and the added value to "0".
  • step S7 the detection unit 131 determines whether or not execution of the machining program has ended.
  • the numerical controller 10 ends the detection process.
  • the process returns to step S1.
  • step S8 the detection unit 131 determines that there is unauthorized access such as a DoS attack.
  • step S9 the operation control unit 132 disconnects the numerical controller 10 from the network 20. Then, the operation control unit 132 stops the processing program and records in the memory 12 a log indicating that an unauthorized access such as a DoS attack has been detected. Further, the operation control unit 132 displays (notifies) a message or the like indicating that the unauthorized access has been detected on the display unit of the numerical control device 10 or the machine tool (not shown). Then, the numerical controller 10 ends the detection process.
  • the numerical control device 10 utilizes the fact that the current consumption of the CPU 13 that actually operates changes to prevent excessive use of resources such as DoS attacks that use unknown vulnerabilities that are not recognized. Unauthorized access that imposes a heavy load and interferes with the operation of the numerical controller 10 and the network 20 can be easily detected.
  • the numerical control device 10 records in advance the model waveform of the physical state of the electronic component in a normal state for each operating situation such as the execution time of the machining programs A and B and during standby, so that DoS can be prevented in any operating situation. Unauthorized access such as an attack can be detected with high accuracy.
  • the numerical control device 10 is not limited to the above-described embodiment, and includes modifications, improvements, etc. within a range that can achieve the purpose.
  • the measuring unit 130 measures the current consumption of the CPU 13 at sampling intervals, but it is not limited to this.
  • the measurement unit 130 may measure the power consumption of the CPU 13 and the junction temperature of the CPU 13 at sampling intervals.
  • the power supply 23 that supplies power to the CPU 13 is generally a constant voltage power supply and the voltage V is constant. show similar changes.
  • the detection unit 131 can detect unauthorized access such as a DoS attack using the power consumption of the CPU 13 measured by the measurement unit 130 in the same manner as the current consumption.
  • RJA indicates the thermal resistance of the electronic component
  • Ta indicates the ambient temperature.
  • the detection unit 131 can detect unauthorized access such as a DoS attack using the junction temperature of the CPU 13 measured by the measurement unit 130, as in the case of current consumption.
  • the detection unit 131 detects unauthorized access such as a DoS attack based on the current consumption of the CPU 13, but the present invention is not limited to this.
  • the detection unit 131 detects unauthorized access such as a DoS attack based on current consumption, power consumption, or junction temperature of two or more electronic components such as the external I/F 11, the memory 12, the CPU 13, and the ASIC 14. good too.
  • the determination threshold is preferably set for each electronic component.
  • Each function included in the numerical control device 10 in one embodiment can be realized by hardware, software, or a combination thereof.
  • “implemented by software” means implemented by a computer reading and executing a program.
  • Non-transitory computer-readable media include various types of tangible storage media.
  • Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical discs), CD-ROMs (Read Only Memory), CD- R, CD-R/W, semiconductor memory (eg mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM).
  • the program may also be supplied to the computer on various types of transitory computer readable medium. Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves. Transitory computer-readable media can deliver the program to the computer via wired communication channels, such as wires and optical fibers, or wireless communication channels.
  • steps of writing a program recorded on a recording medium include not only processes that are executed chronologically in order, but also processes that are executed in parallel or individually, even if they are not necessarily processed chronologically. It also includes
  • control device and control method of the present disclosure can take various embodiments having the following configurations.
  • the numerical control device 10 of the present disclosure is a control device that controls an industrial machine and can be connected to an external device, and includes a measurement unit 130 that measures the physical state of at least one electronic component at a measurement cycle, and a normal state A memory 12 that records the physical state of the electronic component as a model waveform in association with the measurement period during each period in which two or more arbitrary operation programs are executed and during standby, and two or more arbitrary operation programs, respectively is executed or during standby, the physical state of the electronic component measured in association with the measurement period by the measurement unit 130, and the physical state of the model waveform corresponding to the arbitrary operation program being executed or during standby
  • the absolute value of the difference from the physical state corresponding to the measurement period in which the state is measured is added every certain period of time during the execution of an arbitrary operation program or during standby, and the numerical control device 10 places an excessive load on resources.
  • a detection unit 131 that determines whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that interferes with operation of the network 20 has exceeded.
  • this numerical controller 10 it is possible to easily detect unauthorized access such as a DoS attack that overloads resources and interferes with the operation of the numerical controller 10 and the network 20.
  • the physical state may be current consumption of electronic components.
  • the numerical controller 10 can accurately detect unauthorized access such as a DoS attack.
  • the physical state may be power consumption of electronic components. By doing so, the numerical controller 10 can achieve the same effect as (2).
  • the physical state may be the junction temperature of the electronic component. By doing so, the numerical controller 10 can achieve the same effect as (2).
  • the electronic component may include the CPU 13 .
  • the numerical controller 10 can quickly detect unauthorized access such as a DoS attack.
  • the numerical control device 10 when the detection unit 131 determines unauthorized access, at least the numerical control device 10 is cut off from the network 20 and the operation program is stopped. , an operation control unit 132 that records a log indicating that unauthorized access has been detected in the memory 12 . By doing so, the numerical controller 10 can avoid the effects of unauthorized access such as DoS attacks.
  • a control method of the present disclosure is a control method for an industrial machine by a numerical control device 10 connectable to an external device, comprising a measurement step of measuring the physical state of at least one electronic component at a measurement cycle; A recording step for recording the physical state of the electronic component as a model waveform in association with the measurement period during each period during which each of the two or more arbitrary operation programs is executed and during standby, and each of the two or more arbitrary operation programs
  • the physical state of the electronic component measured in association with the measurement period during the period during which is executed or during standby, and the physical state of the model waveform corresponding to any operating program being executed or during standby is measured
  • the absolute value of the difference from the physical state corresponding to the measurement period is added every fixed period during the execution of an arbitrary operation program or during standby, and the numerical control device 10 and the network 20 are operated by applying an excessive load to resources. and a detection step of determining whether a value plus a predetermined decision threshold for unauthorized access impeding the access has been exceeded.
  • control system 10 numerical controller 11 external I/F 12 memory 13 CPU 130 measurement unit 131 detection unit 132 operation control unit 14 ASIC 20 Network 21-24 Power supply

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Numerical Control (AREA)

Abstract

To easily detect an unauthorized access, such as a DoS attack, which imposes excessive loads on resources to disturb operation of a control device or network. This control device comprises: a measurement unit that measures the physical state of at least one electronic component in measurement cycles; a recording unit that records, as model waves in association with the measurement cycles, the physical states of the electronic component in a normal state during execution of each of certain operation programs and during standby of each of the operation programs; and a detection unit that adds up, at regular intervals during execution or standby of each of the operation programs, an absolute value of a difference between the physical state of the electronic component measured in association with the measurement cycle during execution or standby of the operation program and a physical state that is among the model waves corresponding to the operation program in execution or standby and corresponds to the measurement cycle in which the physical state of the electronic component has been measured and determines whether or not the added value exceeds a prescribed threshold value for determining an unauthorized access that imposes excessive loads on resources to disturb operation of the control device or network.

Description

制御装置及び制御方法Control device and control method
 本発明は、制御装置及び制御方法に関する。 The present invention relates to a control device and control method.
 近年、IoT(Internet of Things)の普及により、ネットワーク機器の適用範囲が拡大している。それに伴い、セキュリティの脆弱性による不正アクセスの事例も急増している。
 当該不正アクセスを防ぐために、発見されたセキュリティの脆弱性に対する最新パッチを適用することで、セキュリティを確保している。
 この点、受信したPDFネットワークコンテンツに悪意あるネットワークコンテンツを示す少なくとも1つの不審性が含まれているかを判断すべく、当該PDFネットワークコンテンツを検査し、少なくとも1つの不審性を含むと判断されたPDFネットワークコンテンツを、少なくとも1つの仮想マシンに提供し、少なくとも1つの不審性を含むと判断されたPDFネットワークコンテンツが悪意あるネットワークコンテンツを含むかを検証すべく、当該少なくとも1つの仮想マシンより受信した応答を分析する技術が知られている。例えば、特許文献1参照。 In recent years, the spread of IoT (Internet of Things) has expanded the application range of network devices. Along with this, cases of unauthorized access due to security vulnerabilities are also increasing rapidly.
In order to prevent such unauthorized access, security is ensured by applying the latest patches for discovered security vulnerabilities.
In this regard, examining the received PDF network content to determine if the received PDF network content contains at least one objection indicative of malicious network content, and the PDF determined to contain at least one objection. A response received from at least one virtual machine for providing network content to at least one virtual machine and verifying whether the PDF network content determined to contain malicious content contains malicious network content. is known. See Patent Document 1, for example.
特表2014-504765号公報Japanese Patent Publication No. 2014-504765
 不正アクセスの手段は常に新しいものが出現するため、認知されていない脆弱性に対してセキュリティが確保できない状態が存在する。
 また、工場の制御装置等は長期にわたって使用されるものが多く、導入時に適用したセキュリティ対策が、時間の経過とともに不十分な状態になったまま使い続けられてしまうことがある。
 そのため、未知の脆弱性や、不十分なセキュリティ対策の脆弱性を利用し、例えばDoS攻撃のようにリソースに過剰な負荷をかけて制御装置やネットワークの稼働を妨害されると、制御装置やシステムの安定稼働が妨げられてしまう場合がある。 Since new means of unauthorized access are constantly appearing, there exists a state in which security cannot be ensured against unrecognized vulnerabilities.
In addition, many factory control devices and the like are used for a long period of time, and the security measures applied at the time of introduction may continue to be used in an insufficient state over time.
Therefore, if an unknown vulnerability or a vulnerability in insufficient security measures is used to impose an excessive load on resources, such as a DoS attack, and the operation of the control device or network is disturbed, the control device or system will be damaged. may interfere with the stable operation of
 そこで、DoS攻撃等のリソースに過剰な負荷をかけて制御装置やネットワークの稼働を妨害する不正アクセスを容易に検知することが望まれている。 Therefore, it is desired to easily detect unauthorized access such as DoS attacks that overloads resources and interferes with the operation of control devices and networks.
 本開示の制御装置の一態様は、産業機械を制御し外部機器と接続可能な制御装置であって、少なくとも1つの電子部品の物理状態を測定周期で測定する測定部と、正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に前記電子部品の物理状態を前記測定周期に対応付けてモデル波形として記録する記録部と、前記2つ以上の任意の動作プログラムそれぞれが実行された期間又は前記待機中において前記測定部により前記測定周期に対応付けて測定された前記電子部品の物理状態と、実行されている前記任意の動作プログラム又は前記待機中に対応する前記モデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、前記任意の動作プログラムの実行期間又は前記待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて前記制御装置やネットワークの稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知部と、を備える。 One aspect of the control device of the present disclosure is a control device that controls an industrial machine and is connectable to an external device, comprising: a measurement unit that measures the physical state of at least one electronic component at a measurement interval; a recording unit that records the physical state of the electronic component as a model waveform in association with the measurement period during each period during which each of the above arbitrary operation programs is executed and during standby; and each of the two or more arbitrary operation programs is executed or during the standby, the physical state of the electronic component measured by the measurement unit in association with the measurement period, and the arbitrary operation program being executed or the model corresponding to the standby The absolute value of the difference between the physical state of the waveform and the physical state corresponding to the measurement period in which the physical state is measured is added every predetermined period of time during the execution of the arbitrary operation program or during the standby period to prevent excessive load on the resource. and a detection unit that determines whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that interferes with the operation of the control device and the network by multiplying by the above has exceeded.
 本開示の制御方法の一態様は、外部機器と接続可能な制御装置による産業機械の制御方法であって、少なくとも1つの電子部品の物理状態を測定周期で測定する測定ステップと、正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に前記電子部品の物理状態を前記測定周期に対応付けてモデル波形として記録する記録ステップと、前記2つ以上の任意の動作プログラムそれぞれが実行された期間又は前記待機中において前記測定周期に対応付けて測定された前記電子部品の物理状態と、実行されている前記任意の動作プログラム又は前記待機中に対応する前記モデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、前記任意の動作プログラムの実行期間又は前記待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて前記制御装置やネットワークの稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知ステップと、を備える。 One aspect of the control method of the present disclosure is a control method for an industrial machine by a control device connectable to an external device, comprising: a measurement step of measuring the physical state of at least one electronic component at a measurement cycle; a recording step of recording the physical state of the electronic component as a model waveform in association with the measurement period during each period during which one or more arbitrary operation programs are executed and during standby; and the two or more arbitrary operation programs. Of the physical state of the electronic component measured in association with the measurement period during the period during which each is executed or during the standby, and the model waveform corresponding to the arbitrary operation program being executed or during the standby Adding the absolute value of the difference between the physical state and the physical state corresponding to the measurement period in which the physical state is measured is added every predetermined period of time during the execution of the arbitrary operation program or during the standby, and overloads the resource. and a detection step of determining whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that interferes with the operation of the control device or network has exceeded.
 一態様によれば、DoS攻撃等のリソースに過剰な負荷をかけて制御装置やネットワークの稼働を妨害する不正アクセスを容易に検知することができる。 According to one aspect, it is possible to easily detect unauthorized access, such as a DoS attack, which imposes an excessive load on resources and interferes with the operation of the control device or network.
一実施形態に係る制御システムの機能的構成例を示す図である。It is a figure which shows the functional structural example of the control system which concerns on one Embodiment. CPUの機能的構成例を示す図である。It is a figure which shows the functional structural example of CPU. 加工プログラムが実行された期間及び待機中のCPUの消費電流の一例を示す図である。It is a figure which shows an example of the current consumption of CPU during the period when the machining program was executed, and during standby. 加工プログラムの実行期間においてDoS攻撃等の不正アクセスを受けている場合のCPUの消費電流の一例を示す図である。FIG. 10 is a diagram showing an example of current consumption of a CPU when an unauthorized access such as a DoS attack is received during execution of a processing program; 数値制御装置の検知処理について説明するフローチャートである。4 is a flowchart for explaining detection processing of a numerical control device;
<一実施形態>
 図1は、一実施形態に係る制御システムの機能的構成例を示す図である。ここでは、産業機械として工作機械を、また制御装置として数値制御装置を例示する。なお、本発明は、工作機械及び数値制御装置に限定されず、例えば射出成形機や産業用ロボット、サービス用ロボット等の産業機械、及び産業用ロボット等を制御するロボット制御装置に対しても適用可能である。
 また、本実施形態では、動作プログラムとして数値制御装置が工作機械を動作させる加工プログラムを例示して説明するが、ロボット制御装置が産業用ロボット等を動作させるロボットプログラム等の場合も同様である。
 図1に示すように、制御システム1は、数値制御装置10、及びネットワーク20を含む。
 数値制御装置10は、LAN(Local Area Network)やインターネット等のネットワーク20に接続される。この場合、数値制御装置10は、かかる接続によってネットワーク20との通信を行うための後述する外部I/F(Interface)11を備えている。 <One embodiment>
FIG. 1 is a diagram illustrating a functional configuration example of a control system according to one embodiment. Here, a machine tool is exemplified as an industrial machine, and a numerical controller is exemplified as a controller. It should be noted that the present invention is not limited to machine tools and numerical control devices, but is also applicable to industrial machines such as injection molding machines, industrial robots, and service robots, and robot control devices that control industrial robots and the like. It is possible.
Further, in the present embodiment, a machining program for causing a numerical control device to operate a machine tool will be exemplified as an operation program, but the same applies to a robot program for causing a robot control device to operate an industrial robot or the like.
As shown in FIG. 1, the control system 1 includes a numerical control device 10 and a network 20. As shown in FIG.
The numerical controller 10 is connected to a network 20 such as a LAN (Local Area Network) or the Internet. In this case, the numerical controller 10 has an external I/F (Interface) 11, which will be described later, for communicating with the network 20 through such connection.
<数値制御装置10>
 数値制御装置10は、当業者にとって公知の数値制御装置であり、例えば、図示しないCAD/CAM装置等から予め取得した加工プログラムに基づいて指令を生成し、生成した指令を図示しない工作機械に出力する。これにより、数値制御装置10は、図示しない工作機械の動作を制御する。なお、図示しない工作機械がロボット等の場合、数値制御装置10は、ロボット制御装置等でもよい。
 図1に示すように、数値制御装置10は、外部I/F11、メモリ12、CPU(Central Processing Unit)13、ASIC(Application Specific Integrated Circuit)14、及び電源21~24を含む。 <Numerical control device 10>
The numerical control device 10 is a numerical control device known to those skilled in the art, for example, generates commands based on a machining program obtained in advance from a CAD/CAM device (not shown) and outputs the generated commands to a machine tool (not shown). do. Thereby, the numerical controller 10 controls the operation of the machine tool (not shown). If the machine tool (not shown) is a robot or the like, the numerical controller 10 may be a robot controller or the like.
As shown in FIG. 1, the numerical controller 10 includes an external I/F 11, a memory 12, a CPU (Central Processing Unit) 13, an ASIC (Application Specific Integrated Circuit) 14, and power supplies 21-24.
 外部I/F11は、例えば、公知のネットワークインタフェースであり、図示しない工作機械の動作状態やアラーム/警告等のデータ収集等の非同期通信をネットワーク20との間で行う。 The external I/F 11 is, for example, a known network interface, and performs asynchronous communication with the network 20, such as collecting data such as the operation status of machine tools (not shown) and alarms/warnings.
 メモリ12は、ROM(Read Only Memory)、RAM(Random Access Memory)、HDD(Hard Disk Drive)等の記憶部である。メモリ12には、後述するCPU13が実行するオペレーティングシステム及びアプリケーションプログラムや、加工プログラム等が記憶される。
 また、メモリ12には、記録部として、DoS攻撃等のリソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセスを受けていない正常状態において、2つ以上の任意の加工プログラムそれぞれが実行された期間及び待機中毎に、後述する測定部130により測定された後述するCPU13等の電子部品の物理状態(例えば、消費電流等)が測定部130の測定周期(以下、「サンプリング周期」ともいう)に対応付けてモデル波形として予め記録される。なお、以下、特に断らない限り、「DoS攻撃等のリソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセス」を、「DoS攻撃等の不正アクセス」と略称する。 The memory 12 is a storage unit such as ROM (Read Only Memory), RAM (Random Access Memory), HDD (Hard Disk Drive). The memory 12 stores an operating system and application programs executed by a CPU 13, which will be described later, processing programs, and the like.
In addition, as a recording unit, the memory 12 stores two or more arbitrary data in a normal state without unauthorized access that imposes an excessive load on resources such as a DoS attack and interferes with the operation of the numerical controller 10 and the network 20. The physical state (e.g., current consumption, etc.) of electronic components such as the CPU 13, which will be described later, measured by the measuring unit 130 described later during each period during which each of the machining programs is executed and during standby is measured by the measuring unit 130 (hereinafter referred to as , also referred to as a “sampling period”) and recorded in advance as a model waveform. Hereinafter, unless otherwise specified, "unauthorized access such as a DoS attack that imposes an excessive load on resources and interferes with the operation of the numerical controller 10 or the network 20" will be abbreviated as "unauthorized access such as a DoS attack". .
 CPU13は、公知のプロセッサであり、数値制御装置10を全体的に制御するプロセッサである。CPU13は、メモリ12に格納されたシステムプログラム及びアプリケーションプログラムを、バスを介して読み出し、システムプログラム及びアプリケーションプログラムに従って数値制御装置10全体を制御する。これにより、図2に示すように、CPU13が、測定部130、検知部131、及び動作制御部132の機能を実現するように構成される。 The CPU 13 is a known processor that controls the numerical controller 10 as a whole. The CPU 13 reads the system program and application program stored in the memory 12 through the bus and controls the entire numerical controller 10 according to the system program and application program. Thereby, as shown in FIG. 2, the CPU 13 is configured to realize the functions of the measurement section 130, the detection section 131, and the operation control section 132. FIG.
 測定部130は、少なくとも1つの電子部品の物理状態をサンプリング周期で測定する。
 以下では、電子部品としてCPU13を、電子部品の物理状態としてCPU13の消費電流を例示して説明する。なお、後述するように、外部I/F11、メモリ12、ASIC14等の電子部品、及び消費電力やジャンクション温度の電子部品の物理状態についても、CPU13の消費電流の場合と同様に適用することができる。
 具体的には、測定部130は、例えば、後述する電源23に配置された図示しない電流計を用いて、加工プログラムA、Bそれぞれが実行された期間及び待機中のCPU13の消費電流をCPU13の物理状態としてサンプリング周期で測定する。測定部130は、測定したCPU13の消費電流を後述する検知部131に出力する。 The measurement unit 130 measures the physical state of at least one electronic component at sampling intervals.
In the following description, the CPU 13 is used as an electronic component, and the current consumption of the CPU 13 is used as the physical state of the electronic component. As will be described later, the physical states of electronic components such as the external I/F 11, the memory 12, the ASIC 14, and the power consumption and junction temperature of the electronic components can be applied in the same manner as the current consumption of the CPU 13. .
Specifically, the measurement unit 130 measures the current consumption of the CPU 13 during the period when the machining programs A and B are executed and during standby using, for example, an ammeter (not shown) arranged in the power supply 23 to be described later. It is measured as a physical state at the sampling period. The measurement unit 130 outputs the measured current consumption of the CPU 13 to the detection unit 131 which will be described later.
 図3は、加工プログラムA、Bが実行された期間及び待機中のCPU13の消費電流の一例を示す図である。
 図3に示すように、数値制御装置10は、図示しない工作機械に対して加工プログラムAを繰り返して実行した後、待機中に加工プログラムAから加工プログラムBに切り替えて、図示しない工作機械に対して加工プログラムBを繰り返して実行する。このため、CPU13の消費電流は、正常状態の場合、加工プログラムA、Bそれぞれの動作内容に応じた時間変動を繰り返す。そこで、測定部130は、正常状態における加工プログラムA、Bそれぞれの実行時間において、CPU13の消費電流をサンプリング周期で予め測定し、加工プログラムA、Bそれぞれの実行時間のモデル波形としてメモリ12に予め記録するようにしてもよい。
 また、待機中(未加工)では、例えば、加工プログラムAから加工プログラムBへの切り替えとともに、加工対象のワークの交換等、数値制御装置10(CPU13)はオペレーティング等のベースとなるプログラムを実行していることから、測定部130は、待機中のCPU13の消費電流をサンプリング周期で予め測定し、待機中のCPU13の消費電流のモデル波形をメモリ12に記録するようにしてもよい。 FIG. 3 is a diagram showing an example of current consumption of the CPU 13 during the period when the machining programs A and B are executed and during standby.
As shown in FIG. 3, the numerical controller 10 repeatedly executes a machining program A on a machine tool (not shown), and then switches from machining program A to machining program B during standby. , the machining program B is repeatedly executed. For this reason, the current consumption of the CPU 13 repeats time fluctuations according to the operation contents of the machining programs A and B in the normal state. Therefore, the measurement unit 130 measures in advance the current consumption of the CPU 13 at sampling intervals during the execution time of each of the machining programs A and B in a normal state, and saves the model waveform of the execution time of each of the machining programs A and B in the memory 12 in advance. You may make it record.
In addition, during standby (unprocessed), for example, along with switching from machining program A to machining program B, the numerical control unit 10 (CPU 13) executes a program serving as a base such as an operating system such as exchanging a workpiece to be machined. Therefore, the measurement unit 130 may measure the current consumption of the CPU 13 in standby in advance at sampling intervals, and record the model waveform of the current consumption of the CPU 13 in standby in the memory 12 .
 なお、測定部130は、後述する電源21、22、24それぞれに配置された図示しない電流計を用いて外部I/F11、メモリ12、及び後述するASIC14の消費電流をサンプリング周期で測定してもよい。 Note that the measurement unit 130 may measure the current consumption of the external I/F 11, the memory 12, and the ASIC 14, which will be described later, at sampling intervals using ammeters (not shown) arranged in the respective power supplies 21, 22, and 24, which will be described later. good.
 検知部131は、2つ以上の任意の加工プログラムそれぞれが実行された期間又は待機中において測定部130によりサンプリング周期に対応付けて測定された電子部品の物理状態と、実行されている任意の加工プログラム又は待機中に対応するモデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、任意の加工プログラムの実行期間又は待機中の一定期間毎に加算し、DoS攻撃等の不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する。
 以下では、加工プログラムAが実行されている場合の検知部131の動作について説明する。なお、加工プログラムBが実行されている場合及び待機中の場合の検知部131の動作についても、加工プログラムAが実行されている場合と同様であり、詳細な説明は省略する。 The detection unit 131 detects the physical state of the electronic component measured in association with the sampling period by the measurement unit 130 during the period when each of two or more arbitrary machining programs is executed or during standby, and the arbitrary machining being executed. The absolute value of the difference between the model waveform corresponding to the program or the standby state and the physical state corresponding to the measurement period at which the physical state was measured is added every certain period during the execution period of the arbitrary machining program or during the standby period. , and a predetermined determination threshold against unauthorized access such as a DoS attack has exceeded.
Below, operation|movement of the detection part 131 when the machining program A is performed is demonstrated. The operation of the detection unit 131 when the machining program B is being executed and during standby is the same as when the machining program A is being executed, and detailed description thereof will be omitted.
 図4は、加工プログラムAの実行期間においてDoS攻撃等の不正アクセスを受けている場合のCPU13の消費電流の一例を示す図である。
 図4の上段は、サンプリング周期に対応付けて測定されたCPU13の消費電流を示す。図4の上段では、加工プログラムAの実行時間における正常状態のCPU13の消費電流のモデル波形を破線で示し、正常状態のCPU13の消費電流を一点鎖線で示し、DoS攻撃等の不正アクセスを受けている場合のCPU13の消費電流を実線で示す。また、図4の上段では、縦軸はCPU13の消費電流を示し、横軸は時刻を示す。
 一方、図4の下段では、図4の上段に示す測定されたCPU13の消費電流と、加工プログラムAの実行時間のモデル波形の消費電流と、の差分の絶対値を加工プログラムAの実行時間の一定期間毎に加算した加算値を示す。また、図4の下段では、正常状態のCPU13の消費電流と加工プログラムAの実行時間のモデル波形の消費電流との差分の絶対値の加算値を破線で示し、DoS攻撃等の不正アクセスを受けている場合のCPU13の消費電流と加工プログラムAの実行時間のモデル波形の消費電流との差分の絶対値の加算値を実線で示す。
 なお、図4では、中央の加工プログラムAの実行時間(加工時間)に、DoS攻撃等の不正アクセスを受けている場合を示す。 FIG. 4 is a diagram showing an example of the current consumption of the CPU 13 when it is subjected to unauthorized access such as a DoS attack while the processing program A is being executed.
The upper part of FIG. 4 shows the consumption current of the CPU 13 measured in association with the sampling period. In the upper part of FIG. 4, the model waveform of the current consumption of the CPU 13 in the normal state during the execution time of the machining program A is indicated by a dashed line, and the current consumption of the CPU 13 in the normal state is indicated by a dashed line. A solid line indicates the current consumption of the CPU 13 when the CPU 13 is connected. In the upper part of FIG. 4, the vertical axis indicates current consumption of the CPU 13, and the horizontal axis indicates time.
On the other hand, in the lower part of FIG. 4, the absolute value of the difference between the measured current consumption of the CPU 13 shown in the upper part of FIG. Shows the additional value added at regular intervals. In the lower part of FIG. 4, the sum of the absolute values of the difference between the current consumption of the CPU 13 in the normal state and the current consumption of the model waveform of the execution time of the processing program A is indicated by a dashed line. The sum of the absolute values of the differences between the current consumption of the CPU 13 and the current consumption of the model waveform of the execution time of the machining program A is indicated by a solid line.
Note that FIG. 4 shows a case where unauthorized access such as a DoS attack is received during the execution time (processing time) of processing program A in the center.
 検知部131は、例えば、加工プログラムAが実行されている期間の場合、加工プログラムAのCPU13の消費電流のモデル波形をメモリ12から取得する。検知部131は、図4の下段に示すように、測定部130によりサンプリング周期に対応付けて測定されたCPU13の消費電流と、取得した加工プログラムAの実行時間のモデル波形のうち当該消費電流が測定されたサンプリング周期に対応する消費電流と、の差分の絶対値を加工プログラムAの実行時間(加工時間)の一定期間T毎に加算する。すなわち、数値制御装置10がDoS攻撃のような不正アクセスを受けている場合、CPU13の処理負荷が増大してCPU13の消費電流が変化する。そこで、検知部131は、CPU13のハードウェアの負荷変動を利用してDoS攻撃等の不正アクセスを検知するために、加工プログラムAの実行時間のモデル波形(正常状態)の消費電流と測定された消費電流との差分を算出する。
 なお、検知部131は、一定期間Tとなる度に加算時間及び加算値を「0」にリセットする。
 そうすることで、検知部131は、微小な誤差の加算による誤判定を防ぐことができる。 For example, when the machining program A is being executed, the detection unit 131 acquires the model waveform of the current consumption of the CPU 13 of the machining program A from the memory 12 . As shown in the lower part of FIG. 4, the detection unit 131 detects the consumption current of the CPU 13 measured by the measurement unit 130 in association with the sampling period, and the current consumption of the obtained model waveform of the execution time of the machining program A. The absolute value of the difference between the current consumption corresponding to the measured sampling cycle and the absolute value of the difference is added every fixed period T of the execution time (machining time) of the machining program A. That is, when the numerical controller 10 is subjected to unauthorized access such as a DoS attack, the processing load on the CPU 13 increases and the current consumption of the CPU 13 changes. Therefore, in order to detect unauthorized access such as a DoS attack using the load fluctuation of the hardware of the CPU 13, the detection unit 131 measures the current consumption of the model waveform (normal state) of the execution time of the processing program A. Calculate the difference from the current consumption.
Note that the detection unit 131 resets the addition time and the addition value to "0" each time the fixed period T is reached.
By doing so, the detection unit 131 can prevent erroneous determination due to addition of minute errors.
 そして、検知部131は、DoS攻撃等の不正アクセスに対する予め定められた判定閾値αを加算値が超過したか否かを判定する。検知部131は、加算値が判定閾値αを超過した場合、数値制御装置10がDoS攻撃等の不正アクセスを受けていると判定する。
 例えば、図4に示す次の加工プログラムの実行時間(加工時間)において、数値制御装置10が実行時間(加工時間)に過剰アクセス等を受けている場合、CPU13の処理負荷が増大し、CPU13の消費電流が増大することにより、加算値が判定閾値αを超過する。これにより、検知部131は、数値制御装置10がDoS攻撃等の不正アクセスを受けていると判定する。
 また、数値制御装置10が実行時間(加工時間)に過剰アクセス等を受けることで、CPU13に過剰な処理負荷がかかった場合、例えば、メモリ12の空き容量不足に起因してCPU13の処理が遅くなり、CPU13の消費電流が減少する。この場合でも加算値が判定閾値αを超過することから、検知部131は、数値制御装置10がDoS攻撃等の不正アクセスを受けていると判定することができる。
 また、数値制御装置10が実行時間(加工時間)より短い期間の過剰アクセス等を受けたとしても、CPU13の処理の負荷が増大し、CPU13の消費電流が1次的に増大(又は減少)するため、加算値が判定閾値αを超過する。これにより、検知部131は、数値制御装置10がDoS攻撃等の不正アクセスを受けていると判定することができる。 Then, the detection unit 131 determines whether or not the added value exceeds a predetermined determination threshold α against unauthorized access such as a DoS attack. The detection unit 131 determines that the numerical control device 10 has been subjected to unauthorized access such as a DoS attack when the added value exceeds the determination threshold α.
For example, during the execution time (machining time) of the next machining program shown in FIG. As the current consumption increases, the added value exceeds the determination threshold α. As a result, the detection unit 131 determines that the numerical control device 10 is under unauthorized access such as a DoS attack.
In addition, when the numerical control device 10 receives an excessive access during the execution time (processing time) and an excessive processing load is applied to the CPU 13, for example, the processing of the CPU 13 is slowed down due to lack of free space in the memory 12. As a result, the current consumption of the CPU 13 is reduced. Even in this case, since the added value exceeds the determination threshold value α, the detection unit 131 can determine that the numerical control device 10 has been subjected to unauthorized access such as a DoS attack.
Also, even if the numerical controller 10 receives excessive access for a period shorter than the execution time (processing time), the processing load on the CPU 13 increases, and the current consumption of the CPU 13 increases (or decreases) primarily. Therefore, the added value exceeds the determination threshold α. Accordingly, the detection unit 131 can determine that the numerical controller 10 is being accessed illegally such as by a DoS attack.
 なお、判定閾値α及び一定期間Tの値は、加工プログラムA、Bの実行時間又は待機中において、検知部131が正常な非同期通信等をDoS攻撃等の不正アクセスと判定しないように、決められることが好ましい。 The determination threshold value α and the value of the fixed period T are determined so that the detection unit 131 does not determine normal asynchronous communication as unauthorized access such as a DoS attack during the execution time or standby of the processing programs A and B. is preferred.
 動作制御部132は、例えば、加工プログラムに基づいて指令を生成し、生成した指令を図示しない工作機械に出力するとともに、検知部131がDoS攻撃等の不正アクセスと判定した場合、数値制御装置10をネットワーク20から遮断する。そして、動作制御部132は、加工プログラムを停止し、DoS攻撃等の不正アクセスを検知したというログをメモリ12に記録するようにしてもよい。また、動作制御部132は、数値制御装置10又は工作機械(図示しない)に含まれる液晶ディスプレイ等の表示部に当該不正アクセスを検知したというメッセージ等を表示(通知)するようにしてもよい。 For example, the motion control unit 132 generates a command based on a machining program and outputs the generated command to a machine tool (not shown). from the network 20. Then, the operation control unit 132 may stop the processing program and record in the memory 12 a log indicating that an unauthorized access such as a DoS attack has been detected. Further, the operation control unit 132 may display (notify) a message or the like indicating that the unauthorized access has been detected on a display unit such as a liquid crystal display included in the numerical control device 10 or the machine tool (not shown).
 ASIC14は、特定用途向け集積回路であり、例えば、数値制御装置10における特定の処理を行う。 The ASIC 14 is an application-specific integrated circuit, and performs specific processing in the numerical controller 10, for example.
 電源21~24は、外部I/F11、メモリ12、CPU13、及びASIC14それぞれに電力を供給する。なお、電源21~24は、消費電流を測定する図示しない電流計を含んでもよく、測定された消費電流を測定部130に出力してもよい。 The power supplies 21 to 24 supply power to the external I/F 11, memory 12, CPU 13, and ASIC 14, respectively. The power supplies 21 to 24 may include ammeters (not shown) for measuring current consumption, and may output the measured current consumption to the measuring section 130 .
<数値制御装置10の検知処理>
 次に、図5を参照しながら、数値制御装置10の検知処理の流れを説明する。
 図5は、数値制御装置10の検知処理について説明するフローチャートである。ここで示すフローは、加工プログラムが実行される度に繰り返し実行される。 <Detection processing of numerical controller 10>
Next, the flow of detection processing of the numerical controller 10 will be described with reference to FIG.
FIG. 5 is a flowchart for explaining detection processing of the numerical controller 10. As shown in FIG. The flow shown here is repeatedly executed each time the machining program is executed.
 ステップS1において、測定部130は、電源23に配置された図示しない電流計を用いて加工プログラムA、Bの実行時間又は待機中の消費電流をサンプリング周期で測定する。 In step S1, the measurement unit 130 uses an ammeter (not shown) arranged in the power supply 23 to measure the execution time of the machining programs A and B or current consumption during standby at sampling intervals.
 ステップS2において、検知部131は、実行されている加工プログラムA、B又は待機中のモデル波形をメモリ12から取得する。 In step S2, the detection unit 131 acquires from the memory 12 the machining programs A and B that are being executed or the model waveform that is waiting.
 ステップS3において、検知部131は、ステップS1においてサンプリング周期に対応付けて測定されたCPU13の消費電流と、ステップS2でメモリ12から取得したモデル波形のうちステップS1で消費電流が測定されたサンプリング周期に対応する消費電流と、の差分の絶対値を加算する。 In step S3, the detection unit 131 detects the current consumption of the CPU 13 measured in association with the sampling period in step S1, and the sampling period in which the current consumption in the model waveform acquired from the memory 12 in step S2 is measured in step S1. Add the absolute value of the difference between the consumption current corresponding to
 ステップS4において、検知部131は、ステップS3で加算した加算値が判定閾値αを超過したか否かを判定する。加算値が判定閾値αを超過した場合、処理はステップS8に進む。一方、加算値が判定閾値α以下の場合、処理はステップS5に進む。 In step S4, the detection unit 131 determines whether or not the added value added in step S3 has exceeded the determination threshold α. If the added value exceeds the determination threshold α, the process proceeds to step S8. On the other hand, if the added value is equal to or less than the determination threshold α, the process proceeds to step S5.
 ステップS5において、検知部131は、DoS攻撃等の不正アクセスなしと判定する。 In step S5, the detection unit 131 determines that there is no unauthorized access such as a DoS attack.
 ステップS6において、検知部131は、加算時間が一定期間T以上か否かを判定し、加算時間が一定期間T以上の場合、加算時間及び加算値を「0」にリセットする。 In step S6, the detection unit 131 determines whether or not the added time is longer than or equal to the fixed period T, and if the added time is longer than or equal to the fixed period T, resets the added time and the added value to "0".
 ステップS7において、検知部131は、加工プログラムの実行が終了したか否かを判定する。加工プログラムの実行が終了した場合、数値制御装置10は検知処理を終了する。一方、加工プログラムの実行が終了していない場合、処理はステップS1に戻る。 In step S7, the detection unit 131 determines whether or not execution of the machining program has ended. When execution of the machining program ends, the numerical controller 10 ends the detection process. On the other hand, if execution of the machining program has not ended, the process returns to step S1.
 ステップS8において、検知部131は、DoS攻撃等の不正アクセスありと判定する。 In step S8, the detection unit 131 determines that there is unauthorized access such as a DoS attack.
 ステップS9において、動作制御部132は、数値制御装置10をネットワーク20から遮断する。そして、動作制御部132は、加工プログラムを停止し、DoS攻撃等の不正アクセスを検知したというログをメモリ12に記録する。また、動作制御部132は、数値制御装置10又は工作機械(図示しない)の表示部に当該不正アクセスを検知したというメッセージ等を表示(通知)する。そして、数値制御装置10は検知処理を終了する。 In step S9, the operation control unit 132 disconnects the numerical controller 10 from the network 20. Then, the operation control unit 132 stops the processing program and records in the memory 12 a log indicating that an unauthorized access such as a DoS attack has been detected. Further, the operation control unit 132 displays (notifies) a message or the like indicating that the unauthorized access has been detected on the display unit of the numerical control device 10 or the machine tool (not shown). Then, the numerical controller 10 ends the detection process.
 以上により、一実施形態に係る数値制御装置10は、実際に動作するCPU13の消費電流が変化することを利用することにより、認知されていない未知の脆弱性を利用したDoS攻撃等のリソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセスを容易に検知することができる。
 また、数値制御装置10は、加工プログラムA、Bの実行時間や待機中等の稼働状況毎に正常状態の電子部品の物理状態のモデル波形を予め記録することにより、どのような稼働状況においてもDoS攻撃等の不正アクセスを精度良く検知することができる。 As described above, the numerical control device 10 according to one embodiment utilizes the fact that the current consumption of the CPU 13 that actually operates changes to prevent excessive use of resources such as DoS attacks that use unknown vulnerabilities that are not recognized. Unauthorized access that imposes a heavy load and interferes with the operation of the numerical controller 10 and the network 20 can be easily detected.
In addition, the numerical control device 10 records in advance the model waveform of the physical state of the electronic component in a normal state for each operating situation such as the execution time of the machining programs A and B and during standby, so that DoS can be prevented in any operating situation. Unauthorized access such as an attack can be detected with high accuracy.
 以上、一実施形態について説明したが、数値制御装置10は、上述の実施形態に限定されるものではなく、目的を達成できる範囲での変形、改良等を含む。 Although one embodiment has been described above, the numerical control device 10 is not limited to the above-described embodiment, and includes modifications, improvements, etc. within a range that can achieve the purpose.
<変形例1>
 一実施形態では、測定部130は、CPU13の消費電流をサンプリング周期で測定したが、これに限定されない。例えば、測定部130は、CPU13の消費電力やCPU13のジャンクション温度をサンプリング周期で測定してもよい。
 例えば、消費電力の場合、CPU13に電力を供給する電源23は一般的に定電圧電源であり電圧Vは一定であることから、消費電力Pは、P=V×Iの関係から消費電流Iと同様の変化を示す。これにより、検知部131は、消費電流の場合と同様に、測定部130により測定されたCPU13の消費電力を用いて、DoS攻撃等の不正アクセスを検知することができる。
 また、ジャンクション温度の場合、CPU13を含む電子部品で消費された電力によって電子部品が発熱するため、ジャンクション温度Tjは、Tj=P×RJA+Taの関係から消費電力P(すなわち消費電流I)と同様の変化を示す。なお、RJAは電子部品の熱抵抗を示し、Taは周囲温度を示す。これにより、検知部131は、消費電流の場合と同様に、測定部130により測定されたCPU13のジャンクション温度を用いて、DoS攻撃等の不正アクセスを検知することができる。 <Modification 1>
In one embodiment, the measuring unit 130 measures the current consumption of the CPU 13 at sampling intervals, but it is not limited to this. For example, the measurement unit 130 may measure the power consumption of the CPU 13 and the junction temperature of the CPU 13 at sampling intervals.
For example, in the case of power consumption, the power supply 23 that supplies power to the CPU 13 is generally a constant voltage power supply and the voltage V is constant. show similar changes. As a result, the detection unit 131 can detect unauthorized access such as a DoS attack using the power consumption of the CPU 13 measured by the measurement unit 130 in the same manner as the current consumption.
In addition, in the case of the junction temperature, since the electronic components including the CPU 13 generate heat due to the power consumed by the electronic components, the junction temperature Tj can be calculated from the relationship Tj=P×R JA +Ta by the power consumption P (that is, the current consumption I). show similar changes. Note that RJA indicates the thermal resistance of the electronic component, and Ta indicates the ambient temperature. As a result, the detection unit 131 can detect unauthorized access such as a DoS attack using the junction temperature of the CPU 13 measured by the measurement unit 130, as in the case of current consumption.
<変形例2>
 また例えば、上述の実施形態では、検知部131は、CPU13の消費電流に基づいてDoS攻撃等の不正アクセスを検知したが、これに限定されない。例えば、検知部131は、2つ以上の外部I/F11、メモリ12、CPU13、ASIC14等の電子部品の消費電流、消費電力、又はジャンクション温度に基づいて、DoS攻撃等の不正アクセスを検知してもよい。この場合、判定閾値は、電子部品毎に設定されることが好ましい。 <Modification 2>
Further, for example, in the above-described embodiment, the detection unit 131 detects unauthorized access such as a DoS attack based on the current consumption of the CPU 13, but the present invention is not limited to this. For example, the detection unit 131 detects unauthorized access such as a DoS attack based on current consumption, power consumption, or junction temperature of two or more electronic components such as the external I/F 11, the memory 12, the CPU 13, and the ASIC 14. good too. In this case, the determination threshold is preferably set for each electronic component.
 なお、一実施形態における数値制御装置10に含まれる各機能は、ハードウェア、ソフトウェア又はこれらの組み合わせによりそれぞれ実現することができる。ここで、ソフトウェアによって実現されるとは、コンピュータがプログラムを読み込んで実行することにより実現されることを意味する。 Each function included in the numerical control device 10 in one embodiment can be realized by hardware, software, or a combination thereof. Here, "implemented by software" means implemented by a computer reading and executing a program.
 プログラムは、様々なタイプの非一時的なコンピュータ可読媒体(Non-transitory computer readable medium)を用いて格納され、コンピュータに供給することができる。非一時的なコンピュータ可読媒体は、様々なタイプの実体のある記録媒体(Tangible storage medium)を含む。非一時的なコンピュータ可読媒体の例は、磁気記録媒体(例えば、フレキシブルディスク、磁気テープ、ハードディスクドライブ)、光磁気記録媒体(例えば、光磁気ディスク)、CD-ROM(Read Only Memory)、CD-R、CD-R/W、半導体メモリ(例えば、マスクROM、PROM(Programmable ROM)、EPROM(Erasable PROM)、フラッシュROM、RAM)を含む。また、プログラムは、様々なタイプの一時的なコンピュータ可読媒体(Transitory computer readable medium)によってコンピュータに供給されてもよい。一時的なコンピュータ可読媒体の例は、電気信号、光信号、及び電磁波を含む。一時的なコンピュータ可読媒体は、電線及び光ファイバ等の有線通信路、又は、無線通信路を介して、プログラムをコンピュータに供給できる。 Programs can be stored and supplied to computers using various types of non-transitory computer readable media. Non-transitory computer-readable media include various types of tangible storage media. Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical discs), CD-ROMs (Read Only Memory), CD- R, CD-R/W, semiconductor memory (eg mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM). The program may also be supplied to the computer on various types of transitory computer readable medium. Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves. Transitory computer-readable media can deliver the program to the computer via wired communication channels, such as wires and optical fibers, or wireless communication channels.
 なお、記録媒体に記録されるプログラムを記述するステップは、その順序に沿って時系列的に行われる処理はもちろん、必ずしも時系列的に処理されなくとも、並列的あるいは個別に実行される処理をも含むものである。 It should be noted that the steps of writing a program recorded on a recording medium include not only processes that are executed chronologically in order, but also processes that are executed in parallel or individually, even if they are not necessarily processed chronologically. It also includes
 以上を換言すると、本開示の制御装置及び制御方法は、次のような構成を有する各種各様の実施形態を取ることができる。 In other words, the control device and control method of the present disclosure can take various embodiments having the following configurations.
 (1)本開示の数値制御装置10は、産業機械を制御し外部機器と接続可能な制御装置であって、少なくとも1つの電子部品の物理状態を測定周期で測定する測定部130と、正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に電子部品の物理状態を測定周期に対応付けてモデル波形として記録するメモリ12と、2つ以上の任意の動作プログラムそれぞれが実行された期間又は待機中において測定部130により測定周期に対応付けて測定された電子部品の物理状態と、実行されている任意の動作プログラム又は待機中に対応する前記モデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、任意の動作プログラムの実行期間又は待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知部131と、を備える。
 この数値制御装置10によれば、DoS攻撃等のリソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセスを容易に検知することができる。 (1) The numerical control device 10 of the present disclosure is a control device that controls an industrial machine and can be connected to an external device, and includes a measurement unit 130 that measures the physical state of at least one electronic component at a measurement cycle, and a normal state A memory 12 that records the physical state of the electronic component as a model waveform in association with the measurement period during each period in which two or more arbitrary operation programs are executed and during standby, and two or more arbitrary operation programs, respectively is executed or during standby, the physical state of the electronic component measured in association with the measurement period by the measurement unit 130, and the physical state of the model waveform corresponding to the arbitrary operation program being executed or during standby The absolute value of the difference from the physical state corresponding to the measurement period in which the state is measured is added every certain period of time during the execution of an arbitrary operation program or during standby, and the numerical control device 10 places an excessive load on resources. and a detection unit 131 that determines whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that interferes with operation of the network 20 has exceeded.
According to this numerical controller 10, it is possible to easily detect unauthorized access such as a DoS attack that overloads resources and interferes with the operation of the numerical controller 10 and the network 20. FIG.
 (2) (1)に記載の数値制御装置10において、物理状態は、電子部品の消費電流であってもよい。
 そうすることで、数値制御装置10は、精度良くDoS攻撃等の不正アクセスを検知することができる。 (2) In the numerical controller 10 described in (1), the physical state may be current consumption of electronic components.
By doing so, the numerical controller 10 can accurately detect unauthorized access such as a DoS attack.
 (3) (1)に記載の数値制御装置10において、物理状態は、電子部品の消費電力であってもよい。
 そうすることで、数値制御装置10は、(2)と同様の効果を奏することができる。 (3) In the numerical controller 10 described in (1), the physical state may be power consumption of electronic components.
By doing so, the numerical controller 10 can achieve the same effect as (2).
 (4) (1)に記載の数値制御装置10において、物理状態は、電子部品のジャンクション温度であってもよい。
 そうすることで、数値制御装置10は、(2)と同様の効果を奏することができる。 (4) In the numerical controller 10 described in (1), the physical state may be the junction temperature of the electronic component.
By doing so, the numerical controller 10 can achieve the same effect as (2).
 (5) (1)から(4)のいずれかに記載の数値制御装置10において、電子部品は、CPU13を含んでもよい。
 そうすることで、数値制御装置10は、DoS攻撃等の不正アクセスを迅速に検知することができる。 (5) In the numerical controller 10 according to any one of (1) to (4), the electronic component may include the CPU 13 .
By doing so, the numerical controller 10 can quickly detect unauthorized access such as a DoS attack.
 (6) (1)から(5)のいずれかに記載の数値制御装置10において、検知部131が不正アクセスと判定した場合、少なくとも数値制御装置10をネットワーク20から遮断し、動作プログラムを停止し、不正アクセスを検知したというログをメモリ12に記録する動作制御部132をさらに備えてもよい。
 そうすることで、数値制御装置10は、DoS攻撃等の不正アクセスによる影響を回避することができる。 (6) In the numerical control device 10 according to any one of (1) to (5), when the detection unit 131 determines unauthorized access, at least the numerical control device 10 is cut off from the network 20 and the operation program is stopped. , an operation control unit 132 that records a log indicating that unauthorized access has been detected in the memory 12 .
By doing so, the numerical controller 10 can avoid the effects of unauthorized access such as DoS attacks.
 (7)本開示の制御方法は、外部機器と接続可能な数値制御装置10による産業機械の制御方法であって、少なくとも1つの電子部品の物理状態を測定周期で測定する測定ステップと、正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に電子部品の物理状態を測定周期に対応付けてモデル波形として記録する記録ステップと、2つ以上の任意の動作プログラムそれぞれが実行された期間又は待機中において測定周期に対応付けて測定された電子部品の物理状態と、実行されている任意の動作プログラム又は待機中に対応するモデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、任意の動作プログラムの実行期間又は待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて数値制御装置10やネットワーク20の稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知ステップと、を備える。
 この制御方法によれば、(1)と同様の効果を奏することができる。 (7) A control method of the present disclosure is a control method for an industrial machine by a numerical control device 10 connectable to an external device, comprising a measurement step of measuring the physical state of at least one electronic component at a measurement cycle; A recording step for recording the physical state of the electronic component as a model waveform in association with the measurement period during each period during which each of the two or more arbitrary operation programs is executed and during standby, and each of the two or more arbitrary operation programs The physical state of the electronic component measured in association with the measurement period during the period during which is executed or during standby, and the physical state of the model waveform corresponding to any operating program being executed or during standby is measured The absolute value of the difference from the physical state corresponding to the measurement period is added every fixed period during the execution of an arbitrary operation program or during standby, and the numerical control device 10 and the network 20 are operated by applying an excessive load to resources. and a detection step of determining whether a value plus a predetermined decision threshold for unauthorized access impeding the access has been exceeded.
According to this control method, the same effect as (1) can be obtained.
 1 制御システム
 10 数値制御装置
 11 外部I/F
 12 メモリ
 13 CPU
 130 測定部
 131 検知部
 132 動作制御部
 14 ASIC
 20 ネットワーク
 21~24 電源 1 control system 10 numerical controller 11 external I/F
12 memory 13 CPU
130 measurement unit 131 detection unit 132 operation control unit 14 ASIC
20 Network 21-24 Power supply

Claims (7)

  1.  産業機械を制御し外部機器と接続可能な制御装置であって、
     少なくとも1つの電子部品の物理状態を測定周期で測定する測定部と、
     正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に前記電子部品の物理状態を前記測定周期に対応付けてモデル波形として記録する記録部と、
     前記2つ以上の任意の動作プログラムそれぞれが実行された期間又は前記待機中において前記測定部により前記測定周期に対応付けて測定された前記電子部品の物理状態と、実行されている前記任意の動作プログラム又は前記待機中に対応する前記モデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、前記任意の動作プログラムの実行期間又は前記待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて前記制御装置やネットワークの稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知部と、
     を備える制御装置。     A control device that controls an industrial machine and can be connected to an external device,
    a measurement unit that measures the physical state of at least one electronic component at a measurement interval;
    a recording unit that records the physical state of the electronic component as a model waveform in association with the measurement period during each period in which two or more arbitrary operation programs are executed in a normal state and during standby;
    The physical state of the electronic component measured in association with the measurement period by the measuring unit during the period when each of the two or more arbitrary operation programs is executed or during the standby period, and the arbitrary operation being executed The absolute value of the difference between the model waveform corresponding to the program or the standby state and the physical state corresponding to the measurement period in which the physical state was measured is obtained during the execution period of the arbitrary operation program or the predetermined period during the standby period. a detection unit that determines whether a value obtained by adding a predetermined determination threshold value against unauthorized access that imposes an excessive load on resources and interferes with the operation of the control device or network has exceeded,
    A control device comprising:
  2.  前記物理状態は、前記電子部品の消費電流である、請求項1に記載の制御装置。 The control device according to claim 1, wherein the physical state is current consumption of the electronic component.
  3.  前記物理状態は、前記電子部品の消費電力である、請求項1に記載の制御装置。 The control device according to claim 1, wherein the physical state is power consumption of the electronic component.
  4.  前記物理状態は、前記電子部品のジャンクション温度である、請求項1に記載の制御装置。 The control device according to claim 1, wherein the physical state is the junction temperature of the electronic component.
  5.  前記電子部品は、プロセッサを含む、請求項1から請求項4のいずれか1項に記載の制御装置。 The control device according to any one of claims 1 to 4, wherein the electronic component includes a processor.
  6.  前記検知部が前記不正アクセスと判定した場合、少なくとも前記制御装置をネットワークから遮断し、前記動作プログラムを停止し、前記不正アクセスを検知したというログを前記記録部に記録する動作制御部をさらに備える、請求項1から請求項5のいずれか1項に記載の制御装置。 An operation control unit that, when the detection unit determines that the unauthorized access has occurred, shuts off at least the control device from the network, stops the operating program, and records a log indicating that the unauthorized access has been detected in the recording unit. A control device according to any one of claims 1 to 5.
  7.  外部機器と接続可能な制御装置による産業機械の制御方法であって、
     少なくとも1つの電子部品の物理状態を測定周期で測定する測定ステップと、
     正常状態において2つ以上の任意の動作プログラムそれぞれが実行された期間及び待機中毎に前記電子部品の物理状態を前記測定周期に対応付けてモデル波形として記録する記録ステップと、
     前記2つ以上の任意の動作プログラムそれぞれが実行された期間又は前記待機中において前記測定周期に対応付けて測定された前記電子部品の物理状態と、実行されている前記任意の動作プログラム又は前記待機中に対応する前記モデル波形のうち当該物理状態が測定された測定周期に対応する物理状態との差分の絶対値を、前記任意の動作プログラムの実行期間又は前記待機中の一定期間毎に加算し、リソースに過剰な負荷をかけて前記制御装置やネットワークの稼働を妨害する不正アクセスに対する予め定められた判定閾値を加算した値が超過したか否かを判定する検知ステップと、
     を備える制御方法。     A control method for an industrial machine by a control device connectable to an external device, comprising:
    a measuring step of measuring the physical state of at least one electronic component at a measuring interval;
    a recording step of recording the physical state of the electronic component as a model waveform in association with the measurement period during each period in which two or more arbitrary operation programs are executed in a normal state and during standby;
    The physical state of the electronic component measured in association with the measurement period during the period when each of the two or more arbitrary operation programs is executed or during the standby, and the arbitrary operation program being executed or the standby The absolute value of the difference from the physical state corresponding to the measurement period in which the physical state was measured among the model waveforms corresponding to the above is added every fixed period during the execution period of the arbitrary operation program or during the standby period. , a detection step of determining whether or not a value obtained by adding a predetermined determination threshold against unauthorized access that imposes an excessive load on resources and interferes with the operation of the control device or network has exceeded;
    A control method comprising:
PCT/JP2021/042643 2021-11-19 2021-11-19 Control device and control method WO2023089783A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/042643 WO2023089783A1 (en) 2021-11-19 2021-11-19 Control device and control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/042643 WO2023089783A1 (en) 2021-11-19 2021-11-19 Control device and control method

Publications (1)

Publication Number Publication Date
WO2023089783A1 true WO2023089783A1 (en) 2023-05-25

Family

ID=86396475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/042643 WO2023089783A1 (en) 2021-11-19 2021-11-19 Control device and control method

Country Status (1)

Country Link
WO (1) WO2023089783A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080276111A1 (en) * 2004-09-03 2008-11-06 Jacoby Grant A Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
WO2015001594A1 (en) * 2013-07-01 2015-01-08 株式会社日立製作所 Control system, control method, and controller
WO2016143072A1 (en) * 2015-03-10 2016-09-15 三菱電機株式会社 Programmable logic controller
CN112050782A (en) * 2020-08-31 2020-12-08 浙江大学 Power-based industrial mechanical arm abnormal motion online detection method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080276111A1 (en) * 2004-09-03 2008-11-06 Jacoby Grant A Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
WO2015001594A1 (en) * 2013-07-01 2015-01-08 株式会社日立製作所 Control system, control method, and controller
WO2016143072A1 (en) * 2015-03-10 2016-09-15 三菱電機株式会社 Programmable logic controller
CN112050782A (en) * 2020-08-31 2020-12-08 浙江大学 Power-based industrial mechanical arm abnormal motion online detection method

Similar Documents

Publication Publication Date Title
KR102579088B1 (en) Current control for a multicore processor
US20200186553A1 (en) System monitor
WO2018058999A1 (en) Overcurrent point configuration method and apparatus, and overcurrent protection apparatus
JP4572251B2 (en) Computer system, computer system failure sign detection method and program
JP2019130632A (en) Abnormality determination apparatus, program, abnormality determination system, and abnormality determination method
KR20140139540A (en) Detection of unexpected server operation through physical attribute monitoring
CN108983922A (en) Working frequency adjusting method, device and server
CN110826075A (en) PLC dynamic measurement method, device, system, storage medium and electronic equipment
KR101212496B1 (en) Method of representing usage of monitoring resource, computing apparatus for performing the same and record medium recording program for implementing the method
JP2017219947A (en) Abnormality detection device, abnormality detection method and abnormality detection program
WO2023089783A1 (en) Control device and control method
US20140379162A1 (en) Server system and monitoring method
WO2023089780A1 (en) Control device and control method
US11977754B2 (en) External indicators for adaptive in-field recalibration
US9733685B2 (en) Temperature-aware microprocessor voltage management
WO2023089781A1 (en) Control device and control method
WO2023089782A1 (en) Control device and control method
US20130219209A1 (en) Electronic device with an overclocking mode and method
US20150102791A1 (en) Voltage regulator calibration
CN109975724B (en) AC power supply abnormity detection method and device
CN115357421A (en) Server liquid cooling system leakage processing method and device and computer equipment
KR20150096612A (en) Test system for soc and test method thereof
KR101420230B1 (en) Hacking Monitoring Method, Media Recorded with Program for Hacking Monitoring, and Terminal Embedded with Program for Hacking Monitoring
JP2010141708A (en) Temperature control circuit, temperature control method, program, recording medium, and portable communication terminal
US20190089548A1 (en) Packet transfer device and packet transfer system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21964798

Country of ref document: EP

Kind code of ref document: A1