
CN112367224A - Terminal monitoring device, system and method - Google Patents

Publication number
CN112367224A
Authority
CN
China
Prior art keywords
monitoring
terminal
module
parameter
security
Legal status
Pending
Application number
CN202011255639.6A
Other languages
Chinese (zh)
Inventor
王向群
王齐
姚启桂
董之微
原义栋
Current Assignee
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Electric Power Research Institute of State Grid Liaoning Electric Power Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Electric Power Research Institute of State Grid Liaoning Electric Power Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Application filed by State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, Electric Power Research Institute of State Grid Liaoning Electric Power Co Ltd, Beijing Smartchip Microelectronics Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Cardiology (AREA)
  • Medical Informatics (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a terminal monitoring device, system and method. The device comprises a management module and a monitoring module. The management module comprises a parameter receiving unit, which receives an externally input parameter configuration instruction, generates a configuration file according to the instruction and sends the configuration file to the monitoring module. The monitoring module receives the configuration file and sets monitoring parameters according to it in order to monitor the terminal security state. Because the device can receive different instructions and generate different monitoring parameters when it operates in different environments, it can adapt to different software and hardware environments, protect the terminal effectively, guarantee the normal operation of terminal services, and improve the adaptability of terminal security monitoring.

Description

Terminal monitoring device, system and method
Technical Field
The invention relates to the technical field of network security, in particular to a terminal monitoring device, system and method.
Background
The power Internet of Things is a second network that develops in fusion with the power grid. It comprehensively applies "cloud, things, mobile, intelligence" and other new communication technologies, interpenetrates and deeply integrates with the new-generation power system, and connects the people, machines and things in every link of energy and power production and consumption online in real time. It is a new-generation information and communication system that carries services such as power grid production and operation, enterprise operation management and external customer service, and it is the infrastructure supporting efficient, economical and safe operation of the energy internet in China. According to the preliminary top-level design plan for the full-service ubiquitous power Internet of Things, the company's future typical Internet of Things architecture is divided into a terminal layer, a network layer, a platform layer and an application layer, covering all of the company's services.
The development of the power Internet of Things and the changing security situation place new requirements on network security, particularly on the security of the Internet of Things terminal layer. The scale of Internet of Things intelligent terminal nodes and data far exceeds the defensive capacity of traditional security architectures, and the security problems of these terminals pose great challenges to the construction and adoption of the Internet of Things. At present, the development of the Internet of Things is still at an early stage and its security protection capability is very weak; Internet of Things intelligent terminals commonly face risks such as vulnerabilities, backdoors, attacks, susceptibility to large-scale infection, and theft of and tampering with communication data. However, there is little existing research on terminal security monitoring, and the content monitored by existing terminal monitoring is fixed and narrow and cannot adapt to different environments.
Disclosure of Invention
In view of this, embodiments of the present invention provide a terminal monitoring device, system and method to solve the technical problem that the content of existing terminal security monitoring is fixed and narrow.
The technical scheme provided by the invention is as follows:
A first aspect of an embodiment of the present invention provides a terminal security monitoring device, where the device includes a monitoring module and a management module. The management module comprises a parameter receiving unit, which is used for receiving an externally input parameter configuration instruction, generating a configuration file according to the parameter configuration instruction and sending the configuration file to the monitoring module; the monitoring module is used for receiving the configuration file and setting monitoring parameters according to the configuration file to monitor the security state of the terminal.
Optionally, the monitoring parameters include any one or more of: switches for monitoring items, thresholds for monitored content, and acquisition periods.
Optionally, the monitored terminal security state includes any one or more of a login state, a hardware running state, a network connection state, a process running state, and a network traffic state.
Optionally, the monitoring module is further configured, when a security event is detected, to send the security event to the management part for output.
Optionally, the management module further includes an adjusting unit, used for monitoring the running state of the monitoring module and changing the monitoring parameters in real time according to the running state.
Optionally, the management module further includes a link confirmation unit, used for sending heartbeat messages to external equipment at preset intervals and maintaining the link with the external equipment.
Optionally, the management module further includes an upgrading unit, used for receiving an externally input upgrade file and updating the monitoring module according to the upgrade file.
A second aspect of an embodiment of the present invention provides a terminal security monitoring system, including a terminal device and a management platform. The terminal device includes the terminal security monitoring device according to the first aspect or any implementation of the first aspect of the embodiments of the present invention; the terminal device receives a parameter configuration instruction sent by the management platform and configures monitoring parameters according to the parameter configuration instruction.
Optionally, the management platform is configured to receive a security event and a heartbeat packet sent by the terminal device, and send an upgrade file to the terminal device.
A third aspect of the embodiments of the present invention provides a terminal security monitoring method, where the method includes: receiving a parameter configuration instruction; generating monitoring parameters according to the parameter configuration instruction; and monitoring the terminal safety state according to the monitoring parameters.
The technical scheme of the invention has the following advantages:
the terminal safety monitoring device provided by the embodiment of the invention is provided with the management module and the monitoring module, wherein the management module can receive an externally input parameter configuration instruction to generate a configuration file, and the monitoring module can receive the configuration file to generate a monitoring parameter and carry out safety monitoring according to the monitoring parameter. Therefore, the terminal safety monitoring device provided by the embodiment of the invention can receive different instructions to generate monitoring parameters when the terminal safety monitoring device operates in different environments, so that the monitoring device can realize safety monitoring when the terminal safety monitoring device operates in different environments, can adapt to different software and hardware environments, can effectively perform safety protection on the terminal, simultaneously guarantees the normal operation of terminal services, and improves the adaptability of terminal safety monitoring.
In the terminal security monitoring device provided by the embodiment of the invention, the monitoring module is responsible for the actual monitoring of the terminal equipment, which realizes the monitoring function; the management module is responsible for parameter configuration, heartbeat maintenance, remote upgrading and dynamic adjustment of monitoring parameters, which realizes the management, maintenance and supervision functions, so that the terminal can be monitored more effectively. By providing the parameter receiving unit, the monitoring device can be configured conveniently and flexibly for different software and hardware environments when it is deployed on site. By providing the upgrading unit, the monitoring device can remotely optimize and update the monitoring module, which makes later maintenance more convenient. Through the adjusting unit, the management module periodically monitors the hardware resource usage of the terminal equipment and of the monitoring module, and can dynamically adjust the parameters of the monitoring function so as to ensure the normal operation of the service system.
According to the terminal safety monitoring system provided by the embodiment of the invention, the terminal safety monitoring device is arranged in the terminal equipment, and the parameters in the terminal safety monitoring device are configured according to the parameter configuration instruction issued by the management platform, so that the safety monitoring of the terminal is realized. Therefore, the terminal safety monitoring system can find the terminal equipment in time when the terminal equipment has a safety event, and the normal operation of the terminal equipment is guaranteed.
The terminal safety monitoring method provided by the embodiment of the invention can receive the externally input parameter configuration instruction to generate the monitoring parameter, and realize the monitoring of the terminal safety state according to the monitoring parameter. Therefore, the terminal safety monitoring method provided by the embodiment of the invention can receive different instructions to generate monitoring parameters, so that safety monitoring can be realized in different environments, different software and hardware environments can be adapted, safety protection can be more effectively performed on the terminal, normal operation of terminal services is guaranteed, and the adaptability of terminal safety monitoring is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a block diagram of a terminal security monitoring apparatus according to an embodiment of the present invention;
Fig. 2 is a block diagram of a terminal security monitoring device according to another embodiment of the present invention;
Fig. 3 is a block diagram of a terminal security monitoring system according to an embodiment of the present invention;
Fig. 4 is a flowchart of a terminal security monitoring method in an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
An embodiment of the present invention provides a terminal security monitoring device. As shown in Fig. 1, the device includes a management module 10 and a monitoring module 20, with the management module 10 in communication connection with the monitoring module 20. The management module 10 comprises a parameter receiving unit 11, which is used for receiving an externally input parameter configuration instruction, generating a configuration file according to the parameter configuration instruction and sending the configuration file to the monitoring module 20. The monitoring module 20 is configured to receive the configuration file and to set monitoring parameters according to the configuration file in order to monitor the terminal security state. Optionally, the connection between the management module 10 and the monitoring module 20 may be implemented using the Transmission Control Protocol (TCP), or using another communication transmission protocol. After receiving the parameter configuration instruction, the parameter receiving unit 11 may parse the instruction to obtain the parameters in it and write them into the configuration file for the monitoring module 20 to read.
The terminal safety monitoring device provided by the embodiment of the invention is provided with the management module and the monitoring module, wherein the management module can receive an externally input parameter configuration instruction to generate a configuration file, and the monitoring module can receive the configuration file to generate a monitoring parameter and carry out safety monitoring according to the monitoring parameter. Therefore, the terminal safety monitoring device provided by the embodiment of the invention can receive different instructions to generate monitoring parameters when the terminal safety monitoring device operates in different environments, so that the monitoring device can realize safety monitoring when the terminal safety monitoring device operates in different environments, can adapt to different software and hardware environments, can effectively perform safety protection on the terminal, simultaneously guarantees the normal operation of terminal services, and improves the adaptability of terminal safety monitoring.
In an embodiment, the terminal safety monitoring device can be used for an electric power terminal device, that is, the terminal safety monitoring device can be deployed in an electric power terminal to monitor an electric power internet of things terminal, and meanwhile, the electric power terminal device can be a terminal adopting any processor architecture; when the terminal safety monitoring device is used in different power terminal equipment, different parameter configuration instructions need to be sent to the monitoring device. In addition, the terminal safety monitoring device can also be used in other terminal equipment to realize the monitoring of terminals in different fields.
In one embodiment, as shown in Fig. 2, the content monitored by the monitoring module 20 includes any one or more of a login state, a hardware running state, a network connection state, a process running state, and a network traffic state. In a specific embodiment, the terminal security monitoring device may act as a server, and the monitoring module 20 may monitor whether a user performs a login operation, whether an illegal user logs in, and so on; the hardware running state covers whether each piece of hardware in the monitored terminal runs normally and whether a running fault has occurred; the network connection state covers whether communication between the monitored terminal and the external network is normal; the process running state covers whether each process in the monitored terminal runs normally; and the network traffic state covers the traffic of each process in the monitored terminal, so as to ensure that each process runs normally. Different monitoring content can be set for the different terminals monitored by the monitoring device.
In an embodiment, when the monitoring module monitors the above contents, if it is found that a certain monitored content is abnormal, a security event may be generated, and the security event is sent to the management module through the socket. A security event refers to any event that attempts to change a security state (e.g., change access control measures, change security levels, change user passwords, etc.).
In one embodiment, the monitoring parameters include any one or more of: switches for monitoring items, thresholds for monitored content, and acquisition periods. The thresholds for monitored content include CPU and memory occupancy thresholds, a network traffic size threshold and the like; the acquisition periods include parameters such as a CPU and memory acquisition period, a network port state monitoring period, and a network card traffic acquisition period. When the monitoring device monitors different terminals, different monitoring parameters can be set according to the parameter configuration instruction.
In one embodiment, as shown in Fig. 2, the management module 10 further includes an adjusting unit 12, which is configured to monitor the operating state of the monitoring module 20 and change the monitoring parameters in real time according to that state. Specifically, the adjusting unit 12 may periodically monitor the operating state of the monitoring module 20; if the hardware resources occupied by the monitoring module 20 exceed a threshold, the management module 10 may change the monitoring parameters through the adjusting unit 12, for example by closing some function items, increasing the acquisition period, or changing the safety threshold, so as to ensure the normal operation of the service system. The adjusting unit 12 may also monitor the operating state of the terminal monitored by the monitoring device; when the sum of the hardware resources occupied by the monitoring module 20 and by the service part of the terminal exceeds a threshold, the adjusting unit 12 may likewise change a monitoring parameter, for example by modifying the configuration file or changing the safety threshold, to ensure the normal operation of the whole terminal.
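The parameter receiving unit and adjusting unit described above, as an added example that is not code from the patent: the instruction is bounds-checked before it becomes a configuration file, and each back-off step returns a list of the coverage it gave up so it can be reported. The JSON layout, field names, bounds and back-off order are all assumptions.

```python
import copy
import json

# Assumed schema: the patent names the parameter kinds but not their fields.
ITEMS = ("login", "hardware", "network_connection", "process", "network_traffic")
# name -> (minimum, maximum, default); all values are illustrative.
BOUNDS = {
    "cpu_threshold_pct": (1, 100, 90),
    "mem_threshold_pct": (1, 100, 90),
    "traffic_threshold_kbps": (1, 10_000_000, 50_000),
    "cpu_mem_period_s": (1, 3600, 5),
    "port_state_period_s": (1, 3600, 10),
    "nic_traffic_period_s": (1, 3600, 5),
}
PERIOD_KEYS = tuple(k for k in BOUNDS if k.endswith("_period_s"))
# Items the adjusting unit may switch off, in order (assumed policy).
SHED_ORDER = ("network_traffic", "process")

# Constructed sample of a parameter configuration instruction.
SAMPLE_INSTRUCTION = json.dumps({
    "switches": {"login": True, "network_traffic": True},
    "params": {"cpu_threshold_pct": 85, "cpu_mem_period_s": 5,
               "port_state_period_s": 10, "nic_traffic_period_s": 5},
})


def build_config(instruction: str) -> dict:
    """Parameter receiving unit: validate an instruction and return the config to write."""
    try:
        msg = json.loads(instruction)
    except json.JSONDecodeError as exc:
        raise ValueError(f"instruction is not valid JSON: {exc}") from None
    if not isinstance(msg, dict) or set(msg) - {"switches", "params"}:
        raise ValueError("instruction must be an object with only 'switches' and 'params'")
    switches, params = msg.get("switches", {}), msg.get("params", {})
    if not isinstance(switches, dict) or not isinstance(params, dict):
        raise ValueError("'switches' and 'params' must be objects")
    if set(switches) - set(ITEMS) or set(params) - set(BOUNDS):
        raise ValueError("unknown monitoring item or parameter")
    config = {"switches": {}, "params": {}}
    for item in ITEMS:
        value = switches.get(item, True)  # unspecified items stay switched on
        if not isinstance(value, bool):
            raise ValueError(f"switch {item!r} must be true or false")
        config["switches"][item] = value
    for key, (low, high, default) in BOUNDS.items():
        value = params.get(key, default)
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            raise ValueError(f"{key} must be an integer in [{low}, {high}]")
        config["params"][key] = value
    return config


def adjust(config: dict, usage_pct: float, budget_pct: float):
    """Adjusting unit: one step of back-off when the monitor exceeds its resource budget.

    Returns (new_config, actions). Every action reduces monitoring coverage, so the
    caller should report the list upstream rather than apply it silently.
    """
    new = copy.deepcopy(config)
    actions = []
    if usage_pct <= budget_pct:
        return new, actions
    # First choice: lengthen acquisition periods, up to the schema maximum.
    for key in PERIOD_KEYS:
        current, high = new["params"][key], BOUNDS[key][1]
        if current < high:
            new["params"][key] = min(current * 2, high)
            actions.append(f"{key}: {current} -> {new['params'][key]}")
    if actions:
        return new, actions
    # Periods are already at maximum: switch off one item per step.
    for item in SHED_ORDER:
        if new["switches"][item]:
            new["switches"][item] = False
            actions.append(f"{item}: switched off")
            break
    return new, actions


if __name__ == "__main__":
    cfg = build_config(SAMPLE_INSTRUCTION)
    cfg, log = adjust(cfg, usage_pct=35.0, budget_pct=20.0)
    print(json.dumps(cfg, indent=2))
    print(log)
```

Items outside `SHED_ORDER` (login, hardware, network connection) are never switched off by the adjusting unit in this example, so resource pressure alone cannot remove them from coverage.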
In one embodiment, as shown in Fig. 2, the management module 10 further includes a link confirmation unit 13, which is configured to send a heartbeat message to the external device at preset intervals and to maintain the link with the external device. Specifically, the link confirmation unit 13 in the management module 10 may periodically send a heartbeat message to an external device, such as a management platform; the heartbeat message includes information such as the IP address and ID number of the terminal monitored by the monitoring device, which the management platform uses to identify the terminal. Sending the heartbeat message also maintains the link between the terminal and the management platform.
In one embodiment, as shown in Fig. 2, the management module 10 further includes an upgrading unit 14, which is used for receiving an externally input upgrade file and updating the monitoring module 20 according to the upgrade file. Specifically, the upgrading unit 14 may receive an upgrade file sent by an external device, such as a management platform, and verify it, decrypt it and check its version; once it determines that the version of the upgrade file is higher than the current version of the monitoring module 20, it updates and restarts the program in the monitoring module 20 according to the upgrade file and, at the same time, updates the version number of the monitoring module 20.
In the terminal security monitoring device provided by the embodiment of the invention, the monitoring module is responsible for the actual monitoring of the terminal equipment, which realizes the monitoring function; the management module is responsible for parameter configuration, heartbeat maintenance, remote upgrading and dynamic adjustment of monitoring parameters, which realizes the management, maintenance and supervision functions, so that the terminal can be monitored more effectively. By providing the parameter receiving unit, the monitoring device can be configured conveniently and flexibly for different software and hardware environments when it is deployed on site. By providing the upgrading unit, the monitoring device can remotely optimize and update the monitoring module, which makes later maintenance more convenient. Through the adjusting unit, the management module periodically monitors the hardware resource usage of the terminal equipment and of the monitoring module, and can dynamically adjust the parameters of the monitoring function so as to ensure the normal operation of the service system.
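The check order for the upgrade unit described above, as an added example that is not code from the patent: the file is authenticated before its version field is trusted, and only a strictly higher version is accepted. The file layout, the HMAC-SHA256 tag with a pre-provisioned key, and all names are assumptions; the patent names no verification scheme or cipher, so the decryption step is left out.

```python
import hashlib
import hmac
import struct

# Assumed layout: magic, major, minor, patch, payload length, payload, 32-byte tag.
MAGIC = b"UPG1"
HEADER = struct.Struct(">4s3HI")
TAG_LEN = hashlib.sha256().digest_size

# Constructed demo key; a real terminal would hold a provisioned secret or,
# preferably, only the public half of a signing key.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


class UpgradeRejected(Exception):
    """Raised when an upgrade file must not be applied."""


def pack_upgrade(key: bytes, version: tuple, payload: bytes) -> bytes:
    """Management-platform side: build an upgrade file in the assumed layout."""
    body = HEADER.pack(MAGIC, *version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_upgrade(key: bytes, blob: bytes, installed: tuple):
    """Upgrade unit: return (version, payload) if the file may be applied.

    Order matters: nothing inside the file, including the version field,
    is interpreted until the tag over the whole body has been verified.
    """
    if len(blob) < HEADER.size + TAG_LEN:
        raise UpgradeRejected("truncated file")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise UpgradeRejected("authentication tag mismatch")
    magic, major, minor, patch, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpgradeRejected("malformed header")
    version = (major, minor, patch)
    # Strictly higher only: re-sending an older, authentic file is a rollback.
    if version <= installed:
        raise UpgradeRejected(f"version {version} is not higher than installed {installed}")
    return version, body[HEADER.size:]


if __name__ == "__main__":
    blob = pack_upgrade(DEMO_KEY, (1, 3, 0), b"new monitoring module image")
    print(check_upgrade(DEMO_KEY, blob, installed=(1, 2, 9)))
    try:
        check_upgrade(DEMO_KEY, blob, installed=(1, 3, 0))
    except UpgradeRejected as exc:
        print("rejected:", exc)
```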
An embodiment of the present invention further provides a terminal security monitoring system, as shown in fig. 3, including: the terminal device 100 includes the terminal security monitoring apparatus described in the above embodiment, and the terminal device 100 receives the parameter configuration instruction sent by the management platform 200, and configures the monitoring parameter according to the parameter configuration instruction. Specifically, the management platform 200 may serve as a client, a user may input a parameter configuration instruction through the management platform 200, and the management platform 200 sends the parameter configuration instruction to the terminal security monitoring device in the terminal device 100, so as to complete configuration of parameters in the terminal security monitoring device, and implement security monitoring of the terminal.
According to the terminal safety monitoring system provided by the embodiment of the invention, the terminal safety monitoring device is arranged in the terminal equipment, and the parameters in the terminal safety monitoring device are configured according to the parameter configuration instruction issued by the management platform, so that the safety monitoring of the terminal is realized. Therefore, the terminal safety monitoring system can find the terminal equipment in time when the terminal equipment has a safety event, and the normal operation of the terminal equipment is guaranteed.
In an embodiment, when the monitoring module 20 monitors that a security event occurs in the terminal device 100, the corresponding security event may be sent to the management platform 200 through the management module 10, and prompt the user to protect the terminal device. Meanwhile, the management module 10 may periodically send a heartbeat message to the management platform 200 for maintaining the link between the terminal and the platform, where the heartbeat message includes information such as an IP address and an ID number of the terminal, and is used for identifying the terminal device by the management platform. In addition, the user can also send the upgrade file to the management module 10 through the management platform 200, so as to update the monitoring module 20.
An embodiment of the present invention further provides a terminal security monitoring method, as shown in fig. 4, the terminal security monitoring method includes the following steps:
Step S101: receiving a parameter configuration instruction; specifically, a terminal security monitoring device may be arranged in a terminal device that needs security monitoring, and a monitoring module and a management module may be arranged in the terminal security monitoring device, where the management module is configured to receive a parameter configuration instruction sent by an external device, such as a management platform.
Step S102: generating monitoring parameters according to the parameter configuration instruction; specifically, after the management module receives the parameter configuration instruction, it can parse the instruction to obtain the parameters in it and write them into the configuration file for the monitoring module to read.
Step S103: and monitoring the safety state of the terminal according to the monitoring parameters. Specifically, the monitoring module may read parameters in the configuration file to generate monitoring parameters, such as parameters of a switch of a monitoring project, a threshold of monitoring content, an acquisition period, and the like, and implement security monitoring of the content, such as a login state, a hardware running state, a network connection state, a process running state, a network traffic state, and the like, according to the parameters.
The terminal safety monitoring method provided by the embodiment of the invention can receive the externally input parameter configuration instruction to generate the monitoring parameter, and realize the monitoring of the terminal safety state according to the monitoring parameter. Therefore, the terminal safety monitoring method provided by the embodiment of the invention can receive different instructions to generate monitoring parameters, so that safety monitoring can be realized in different environments, different software and hardware environments can be adapted, safety protection can be more effectively performed on the terminal, normal operation of terminal services is guaranteed, and the adaptability of terminal safety monitoring is improved.
Although the present invention has been described in detail with respect to the exemplary embodiments and the advantages thereof, those skilled in the art will appreciate that various changes, substitutions and alterations can be made to the embodiments without departing from the spirit and scope of the invention as defined by the appended claims. For other examples, one of ordinary skill in the art will readily appreciate that the order of the process steps may be varied while maintaining the scope of the present invention.
Moreover, the scope of the present application is not intended to be limited to the particular embodiments of the process, machine, manufacture, composition of matter, means, methods and steps described in the specification. As one of ordinary skill in the art will readily appreciate from the disclosure of the present invention, processes, machines, manufacture, compositions of matter, means, methods, or steps, presently existing or later to be developed, that perform substantially the same function or achieve substantially the same result as the corresponding embodiments described herein may be utilized according to the present invention. Accordingly, the appended claims are intended to include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or steps.

Claims (10)

1. A terminal security monitoring device, characterized by comprising a monitoring module and a management module, wherein:
the management module comprises a parameter receiving unit, the parameter receiving unit being configured to receive an externally input parameter configuration instruction, generate a configuration file according to the parameter configuration instruction, and send it to the monitoring module; and
the monitoring module is configured to receive the configuration file and to monitor the security state of the terminal by setting monitoring parameters according to the configuration file.

2. The terminal security monitoring device according to claim 1, wherein the monitoring parameters include any one or more of: a switch of a monitoring item, a threshold of monitored content, and an acquisition period.

3. The terminal security monitoring device according to claim 1, wherein the monitored terminal security state includes any one or more of a login state, a hardware running state, a network connection state, a process running state, and a network traffic state.

4. The terminal security monitoring device according to claim 1, wherein the monitoring module is further configured, when a security event is detected, to send the security event to the management part for output.

5. The terminal security monitoring device according to claim 1, wherein the management module further comprises an adjustment unit, the adjustment unit being configured to monitor the running state of the monitoring module and to change the monitoring parameters in real time according to the running state.

6. The terminal security monitoring device according to claim 1, wherein the management module further comprises a link confirmation unit, the link confirmation unit being configured to exchange heartbeat messages with an external device at preset intervals to maintain the link with the external device.

7. The terminal security monitoring device according to claim 1, wherein the management module further comprises an upgrade unit, the upgrade unit being configured to receive an externally input upgrade file and to update the monitoring module according to the upgrade file.

8. A terminal security monitoring system, characterized by comprising a terminal device and a management platform, wherein the terminal device comprises the terminal security monitoring device according to any one of claims 1-7, and the terminal device receives a parameter configuration instruction sent by the management platform and configures the monitoring parameters according to the parameter configuration instruction.

9. The terminal security monitoring system according to claim 8, wherein the management platform is configured to receive security events and heartbeat messages sent by the terminal device and to send an upgrade file to the terminal device.

10. A terminal security monitoring method, characterized by comprising:
receiving a parameter configuration instruction;
generating monitoring parameters according to the parameter configuration instruction; and
monitoring the terminal security state according to the monitoring parameters.
CN202011255639.6A 2020-11-11 2020-11-11 Terminal monitoring device, system and method Pending CN112367224A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011255639.6A CN112367224A (en) 2020-11-11 2020-11-11 Terminal monitoring device, system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011255639.6A CN112367224A (en) 2020-11-11 2020-11-11 Terminal monitoring device, system and method

Publications (1)

Publication Number Publication Date
CN112367224A true CN112367224A (en) 2021-02-12

Family

ID=74514332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011255639.6A Pending CN112367224A (en) 2020-11-11 2020-11-11 Terminal monitoring device, system and method

Country Status (1)

Country Link
CN (1) CN112367224A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174354A (en) * 2022-07-22 2022-10-11 科来网络技术股份有限公司 Platform side data alarm method and device, monitoring equipment and readable storage medium

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789890A (en) * 2010-02-05 2010-07-28 上海宝信软件股份有限公司 Configuration-based agent monitoring system capable of automatically realizing update and monitoring method thereof
CN104268060A (en) * 2014-10-17 2015-01-07 浪潮电子信息产业股份有限公司 Data center monitoring system capable of customizing extended monitoring items
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN106209482A (en) * 2016-09-13 2016-12-07 郑州云海信息技术有限公司 A kind of data center monitoring method and system
CN106506262A (en) * 2016-10-19 2017-03-15 中国铁道科学研究院电子计算技术研究所 IT equipment monitoring index expansion method and IT comprehensive monitoring system
CN106886477A (en) * 2017-02-20 2017-06-23 郑州云海信息技术有限公司 Threshold setting method and device are monitored in a kind of cloud system
CN107402871A (en) * 2017-03-28 2017-11-28 阿里巴巴集团控股有限公司 Terminal capabilities monitoring method and device, monitoring document handling method and device
CN107465568A (en) * 2017-07-06 2017-12-12 长城计算机软件与系统有限公司 A kind of monitoring method and monitoring system for terminal
CN108683549A (en) * 2018-06-08 2018-10-19 湖北鑫英泰系统技术股份有限公司 A kind of network security applied in electric power monitoring system monitors system
CN109413642A (en) * 2018-11-22 2019-03-01 中邮科通信技术股份有限公司 Terminal security detection and monitoring system method
CN110162978A (en) * 2019-05-16 2019-08-23 合肥优尔电子科技有限公司 A kind of terminal security risk assessment management method, apparatus and system
CN111200526A (en) * 2019-12-31 2020-05-26 中国建设银行股份有限公司 Monitoring system and method of network equipment

Similar Documents

Publication Publication Date Title
Rehmani et al. Software defined networks-based smart grid communication: A comprehensive survey
Li et al. EHOPES: Data-centered Fog platform for smart living
US11700232B2 (en) Publishing data across a data diode for secured process control communications
CN107976973B (en) Secure process control communication
CN107976972B (en) Secure process control communication
Hadeli et al. Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration
CN111917727A (en) Electric power Internet of things safety intelligent image transmission system and method based on 5G and WiFi
Wendzel et al. Cyber security of smart buildings
CN109922160A (en) A kind of terminal security cut-in method, apparatus and system based on electric power Internet of Things
EP2461538A2 (en) Application layer security proxy for automation and control system networks
CN105745869A (en) Security gateway for a regional/home network
CN107888613B (en) Management system based on cloud platform
CN110809262B (en) COAP protocol-based operation and maintenance management method for Internet of things equipment
US20180262502A1 (en) Method for operating an industrial network and industrial network
CN111696335A (en) Centralized meter for automated metering management of power distribution services
CN110493222A (en) A kind of power automation terminal remote management method and system
Pandey et al. Towards management of machine to machine networks
Mai et al. Uncharted networks: A first measurement study of the bulk power system
CN112367224A (en) Terminal monitoring device, system and method
CN114189858B (en) Asymmetric encryption-based power 5G public network secure transmission method
CN108933707B (en) Safety monitoring system and method for industrial network
CN107135109A (en) An energy management terminal front-end processor
CN110609533A (en) Safety architecture of SCADA data acquisition system
CN102714661B (en) System for performing remote services for a technical installation
CN113728239B (en) Detecting energy consumption fraud in power distribution services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210212