
CN108170105A - Industrial control network protection system and method - Google Patents

Info

Publication number: CN108170105A
Authority: CN (China)
Prior art keywords: inspection, industrial equipment, core, industrial, mark
Legal status: Pending
Application number: CN201711170486.3A
Other languages: Chinese (zh)
Inventors: 秦勇, 任子良, 梁展豪
Current Assignee: Dongguan University of Technology
Original Assignee: Dongguan University of Technology
Application filed by: Dongguan University of Technology
Priority to: CN201711170486.3A
Publication of: CN108170105A

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/33 Director till display
    • G05B2219/33139 Design of industrial communication system with expert system
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Alarm Systems (AREA)

Abstract

An industrial control network protection method, comprising: a data acquisition and monitoring module carries an inspection identifier and inspects an industrial equipment group, wherein the inspection identifier comprises an address code and a core identifier; if the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, the original data of the corresponding equipment is queried from a backup database according to the address code in the inspection identifier; and the original data found in the backup database is exported and overwrites the data in the corresponding industrial equipment. Because the data acquisition and monitoring module inspects the industrial equipment and compares core identifiers, it can detect whether the industrial equipment has been attacked and promptly restore the data in the industrial equipment from the backup database, avoiding major losses. The invention also discloses an industrial control network protection system.

Description

An industrial control network protection system and method

Technical field

This application relates to the technical field of network information security, and in particular to an industrial control network protection system and method.

Background

With the development of computer and network technology, information security has come to receive a very high degree of attention in informatization projects. Industrial control system products increasingly use general-purpose protocols, general-purpose hardware and general-purpose software, and some systems are connected in various ways to public networks such as the Internet. Threats such as viruses, Trojans and worms are spreading to industrial control systems, and the information security threats and problems facing industrial control systems grow by the day.

At present, industrial control network protection mainly relies on a firewall placed between the industrial control internal network and the external network. The firewall checks whether the data transmitted between the internal and external networks is abnormal and, if it is, blocks the transmission. When the volume of transmitted data is large, the firewall's inspection data becomes redundant and the firewall can crash; and when virus data is disguised, the firewall can miss it, leaving the data on the industrial control internal network under threat.

Summary of the invention

This application provides an industrial control network protection system and method to improve the security of the industrial control network.

According to a first aspect, an embodiment provides an industrial control network protection method, comprising: a data acquisition and monitoring module carries an inspection identifier and inspects an industrial equipment group, the inspection identifier comprising an address code and a core identifier; if the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, the original data of the corresponding equipment is queried from a backup database according to the address code in the inspection identifier; the original data found in the backup database is exported and overwrites the data in the corresponding industrial equipment.

Preferably, if the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, the data acquisition and monitoring module triggers an alarm.

According to a second aspect, an embodiment provides an industrial control network protection system, comprising: a data acquisition and monitoring module, used to inspect the industrial equipment according to the inspection identifier and, when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, to query the backup database for the original data of the corresponding equipment according to the inspection identifier, wherein the inspection identifier comprises an address code and a core identifier; an industrial equipment group, containing a plurality of industrial devices, each of which carries its own address code; and a backup database, which stores the original data of each industrial device by address code.

Preferably, the data acquisition and monitoring module is also used to trigger an alarm when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment.

With the industrial control network protection method and system of the above embodiments, the data acquisition and monitoring module inspects the industrial equipment and, by comparing core identifiers, can detect whether the industrial equipment has been attacked and promptly restore the data in the industrial equipment from the backup database, avoiding major losses. Further, an alarm is triggered when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, promptly prompting personnel to carry out the corresponding checks and handling.

Description of the drawings

Fig. 1 is a block diagram of the system of the present invention;

Fig. 2 is a flowchart of the present invention.

Detailed description

The present invention is described in further detail below through specific embodiments in conjunction with the accompanying drawings. Similar elements in different embodiments use associated, similar element numbers. In the following embodiments, many details are described so that the application can be better understood. However, those skilled in the art will readily recognize that some of the features can be omitted in different situations, or can be replaced by other elements, materials or methods. In some cases, certain operations related to the application are not shown or described in the specification. This is to avoid the core part of the application being buried under excessive description; for those skilled in the art, a detailed description of these related operations is not necessary, since they can fully understand them from the description in the specification and the general technical knowledge of the field.

The serial numbers assigned to components in this document, such as "first" and "second", are used only to distinguish the objects described and carry no sequential or technical meaning. The terms "connection" and "coupling" in this application include both direct and indirect connection (coupling) unless otherwise specified.

Referring to Fig. 1, the industrial control network protection system of the present invention comprises: a data acquisition and monitoring module 1, an industrial equipment group 2 and a backup database 3. The data acquisition and monitoring module 1 is used to inspect the industrial equipment according to the inspection identifier and, when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, to query the backup database 3 for the original data of the corresponding equipment according to the address code in the inspection identifier, wherein the inspection identifier comprises an address code and a core identifier. The industrial equipment group 2 contains a plurality of industrial devices, each of which carries its own address code. The backup database 3 stores the original data of each industrial device by address code.

The data acquisition and monitoring module is also used to trigger an alarm when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment.

Referring to Fig. 2, the industrial control network protection method of the present invention comprises:

Step 101: the data acquisition and monitoring module carries an inspection identifier and inspects the industrial equipment group, the inspection identifier comprising an address code and a core identifier;

Step 102: determine whether the core identifier in the inspection identifier matches the core identifier in the industrial equipment; if they do not match, proceed to step 103;

Step 103: query the backup database for the original data of the corresponding equipment according to the address code in the inspection identifier;

Step 104: export the original data found in the backup database and overwrite the data in the corresponding industrial equipment.

As a preferred embodiment of the present invention, the method further comprises: when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, the data acquisition and monitoring module triggers an alarm.
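Steps 101 to 104 and the alarm of the preferred embodiment can be sketched as follows. This is an added example, not code from the patent: the patent does not say how a core identifier is derived, so the sketch assumes it is the SHA-256 digest of the device's stored data, and the device names, the `Monitor` class and the extra check on the backup before overwriting are all hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def core_id(data: bytes) -> str:
    """Assumption: the core identifier is the SHA-256 digest of the device data."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Device:
    address_code: str
    data: bytes

    def report_core_id(self) -> str:
        return core_id(self.data)


@dataclass
class Monitor:
    devices: dict    # address code -> Device (the industrial equipment group)
    backup_db: dict  # address code -> original data (the backup database)
    alarms: list = field(default_factory=list)

    def inspect(self, address_code: str, expected: str) -> str:
        """Steps 101-104 for one inspection identifier (address code, core identifier)."""
        device = self.devices[address_code]
        # Step 102: compare the carried core identifier with the device's own.
        if hmac.compare_digest(device.report_core_id(), expected):
            return "ok"
        self.alarms.append(address_code)             # preferred embodiment: alarm
        original = self.backup_db.get(address_code)  # step 103: query by address code
        if original is None:
            return "no-backup"
        # Added check (not in the patent): never overwrite a device with backup
        # data that itself fails the identifier comparison.
        if not hmac.compare_digest(core_id(original), expected):
            return "backup-mismatch"
        device.data = original                       # step 104: overwrite device data
        return "restored"

    def patrol(self, identifiers):
        return {addr: self.inspect(addr, cid) for addr, cid in identifiers}


def demo():
    # Constructed sample data: three devices and their known-good contents.
    good = {"PLC-01": b"ladder-v1", "PLC-02": b"ladder-v7", "HMI-01": b"screens-v3"}
    devices = {a: Device(a, d) for a, d in good.items()}
    backup = dict(good)
    identifiers = [(a, core_id(d)) for a, d in good.items()]
    devices["PLC-02"].data = b"ladder-v7-modified"  # device data changed
    devices["HMI-01"].data = b"screens-changed"     # device data changed ...
    backup["HMI-01"] = b"screens-v2"                # ... and its backup is stale
    mon = Monitor(devices, backup)
    return mon, mon.patrol(identifiers), mon.patrol(identifiers)


if __name__ == "__main__":
    mon, first, second = demo()
    print(first, second, mon.alarms, sep="\n")
```

The second patrol shows the restored device passing inspection, while the device whose backup is stale keeps raising an alarm until someone intervenes.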

The above uses specific examples to illustrate the present invention. They are intended only to aid understanding of the invention and not to limit it. Those skilled in the technical field to which the invention belongs can also make a number of simple deductions, variations or substitutions based on the idea of the invention.

Claims (4)

1. An industrial control network protection method, characterized by comprising:
a data acquisition and monitoring module carrying an inspection identifier and inspecting an industrial equipment group, the inspection identifier comprising an address code and a core identifier;
if the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, querying a backup database for the original data of the corresponding equipment according to the address code in the inspection identifier;
exporting the original data found in the backup database and overwriting the data in the corresponding industrial equipment.
2. The industrial control network protection method according to claim 1, characterized in that, if the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, the data acquisition and monitoring module triggers an alarm.
3. An industrial control network protection system, characterized by comprising:
a data acquisition and monitoring module, used to inspect the industrial equipment according to an inspection identifier and, when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment, to query a backup database for the original data of the corresponding equipment according to the inspection identifier, wherein the inspection identifier comprises an address code and a core identifier;
an industrial equipment group, containing a plurality of industrial devices, each industrial device carrying its own address code;
a backup database, storing the original data of each industrial device by address code.
4. The industrial control network protection system according to claim 3, characterized in that the data acquisition and monitoring module is also used to trigger an alarm when the core identifier in the inspection identifier does not match the core identifier in the industrial equipment.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201711170486.3A | 2017-11-22 | 2017-11-22 | Industrial control network protection system and method

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201711170486.3A | 2017-11-22 | 2017-11-22 | Industrial control network protection system and method

Publications (1)

Publication Number | Publication Date
CN108170105A | 2018-06-15

Family

ID: 62527229

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201711170486.3A | Pending | CN108170105A | 2017-11-22 | 2017-11-22 | Industrial control network protection system and method

Country Status (1)

Country | Link
CN | CN108170105A

Similar Documents

Publication Publication Date Title
US11102223B2 (en) Multi-host threat tracking
CN108259449B (en) Method and system for defending against APT (android packet) attack
US11122061B2 (en) Method and server for determining malicious files in network traffic
CN106796639B (en) Data mining algorithms for trusted execution environments
US8966249B2 (en) Data security and integrity by remote attestation
CN110149350A (en) A network attack event analysis method and device associated with alarm logs
CN107454109A (en) A network stealing behavior detection method based on HTTP traffic analysis
CN109951477B (en) Method and device for detecting network attack based on threat intelligence
US9690598B2 (en) Remotely establishing device platform integrity
JP2019082989A5 (en)
US8959624B2 (en) Executable download tracking system
US20180063191A1 (en) System and method for using a virtual honeypot in an industrial automation system and cloud connector
CA2545916A1 (en) Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
CN107483425B (en) Composite attack detection method based on attack chain
WO2015024315A1 (en) Network intrusion alarm method and system for nuclear power station
EP3531324A1 (en) Identification process for suspicious activity patterns based on ancestry relationship
EP3232358B1 (en) Correlation-based detection of exploit activity
KR101889503B1 (en) Method and apparatus for providing flight data protection
CN111259389B (en) Operating system protection method, device and storage medium
CN113127855A (en) Safety protection system and method
US12425434B1 (en) System and process for providing network intrusion detection
CN108170105A (en) Industrial control network protection system and method
CN113904920B (en) Network security defense methods, devices and systems based on compromised equipment
TW202335468A (en) Method and apparatus for detecting anomalies of an infrastructure in a network
CN107608339B (en) Interface protection method and device for automobile engine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180615