CN117938478B - Special equipment box remote operation and maintenance method and system based on Internet of things technology
Publication number: CN117938478B (application CN202410045329.3A)
Authority: CN (China)
Prior art keywords: special equipment, equipment box, security, monitoring, remote
Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Classifications
- H04L63/205: Network security; managing network security and policies, involving negotiation or determination of the network security mechanisms to be used, e.g. by negotiation between client and server or between peers, or by selection according to the capabilities of the entities involved
- H04L63/0209: Network security; separating internal from external traffic, architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0272: Network security; separating internal from external traffic, virtual private networks
- H04L63/123: Network security; verification of received data contents, e.g. message integrity
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/0631: Cryptographic mechanisms; block ciphers built as a substitution permutation network [SPN], i.e. a number of rounds each involving linear and nonlinear transformations, e.g. AES
- H04L9/50: Cryptographic mechanisms; using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a special equipment box remote operation and maintenance method and system based on Internet of Things technology, comprising seven operation steps, a remote operation and maintenance center, a special equipment box monitoring module, a remote monitoring and analysis module, a remote control module and a security management module. The remote control module works together with the security management module, so that the special equipment box body remains secure when it is connected to a public network and the risks of data leakage and hacking are reduced; real-time data transmission and a basis for security decisions provide a secure communication link, reducing the threat of eavesdropping and hijacking and the risk of sensitive information leakage; the prediction function of the remote monitoring and analysis module predicts the fault occurrence time and fault rate of the special equipment in advance, so that maintenance and repair measures can be taken in time; and Internet of Things sensor technology is fully applied, with real-time monitoring and analysis of the special equipment carried out by the remote monitoring and analysis module, making monitoring and analysis more intelligent and efficient.
Description
Technical Field
The invention relates to the technical field of network data security, in particular to a special equipment box remote operation and maintenance method and system based on the internet of things technology.
Background
A special equipment box remote operation and maintenance method and system based on the Internet of Things remotely monitors, controls and maintains a special equipment box, its main aim being to monitor the equipment state of the box and to control it remotely. The prior art, however, has some defects: remote operation involves the monitoring and control of devices that may face network security threats such as data leakage and hacking, and the communication link may be compromised by eavesdropping and hijacking, resulting in sensitive information leakage.
Disclosure of Invention
The invention aims to provide a special equipment box remote operation and maintenance method and system based on Internet of Things technology that address the technical difficulties set out in the Background: remote operation and maintenance involving equipment monitoring and control may face network security threats such as data leakage and hacking, and the communication link may be threatened by eavesdropping and hijacking, causing sensitive information leakage.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A special equipment box remote operation and maintenance method based on the internet of things technology comprises the following steps:
S1: analyzing the structure and characteristics of a special equipment box, determining the parameters and indexes to be monitored and controlled according to the operation and maintenance requirements and functional requirements of the special equipment box, designing a security architecture comprising network isolation, data encryption, identity authentication and access control functions, and introducing blockchain technology to realize decentralized identity authentication and data transmission;
S2: arranging an Internet of Things sensor in the special equipment box body to acquire the working state, temperature and humidity information of the equipment in real time; at the same time deploying virtualization technology so that the operating system and application programs in the special equipment box body are virtualized into virtual machines, then carrying out network connection configuration so that the special equipment box body is able to communicate with a remote operation and maintenance center;
S3: connecting the special equipment box with the remote operation and maintenance center through Internet of Things technology, establishing a stable and reliable communication link, configuring a network security policy to ensure the security of the communication link, adopting end-to-end encryption to protect the confidentiality and integrity of data, and performing a network test to ensure normal communication between the special equipment box and the remote operation and maintenance center;
S4: the remote operation and maintenance center monitors the running state of the virtual machine in the special equipment box, acquires the performance indexes and running log of the virtual machine, analyzes the working data and fault records of the special equipment, predicts the fault occurrence time and fault rate of the special equipment, and implements a real-time alarm function so that alarm information is received in time when the special equipment has an abnormal condition;
S5: the remote operation and maintenance center remotely controls the virtual machine in the special equipment box body through the secure communication link to restart, stop and modify configuration, and at the same time implements an authority management mechanism that strictly controls the authority for remote control operations so that only authorized users can operate; in addition, a log of each remote control operation is recorded, including operation time, operation content and operator information, to facilitate tracing and auditing;
S6: backing up the data of the special equipment regularly to prevent data loss, and strengthening the security management of the remote operation and maintenance center so that the special equipment box body is accessed only with legitimate and secure authority;
S7: implementing security vulnerability management to repair vulnerabilities and security problems in the special equipment box in time, implementing network access control to limit the network access rights of the special equipment box, and implementing security audits to carry out security inspection and monitoring of the remote operation and maintenance system of the special equipment box.
Specifically, in step S1, encryption algorithms including AES and RSA are used to protect the confidentiality of data; an identity authentication protocol including OAuth and OpenID Connect is introduced, so that only authorized users can access the special equipment box body; an access control list is implemented to limit the access rights of the special equipment box body; a blockchain is used to record the identity information of equipment and users, ensuring the uniqueness and tamper resistance of identities; and smart contracts are implemented to manage equipment access rights, ensuring the legitimacy and security of those rights.
Specifically, in step S2, sensor data acquisition technology including MQTT and CoAP is used to monitor the working state of the special equipment in real time; VMware virtualization technology is used to isolate and flexibly allocate the resources of the special equipment; and a VPN connection is configured to ensure secure and stable communication.
Specifically, in step S3, the HTTP protocol is used for communication between the special equipment box and the remote operation and maintenance center, and the TLS protocol is used to encrypt the communication data, ensuring the security of data transmission.
Specifically, in step S4, a monitoring system including Prometheus is used to monitor the performance indexes of the virtual machine in the special equipment box in real time; the working data of the special equipment is analyzed and predicted using a random forest; an alarm rule is configured that triggers an alarm when the box body temperature of the special equipment exceeds a threshold value; and a real-time messaging tool including RabbitMQ is used to push alarm information in real time.
Specifically, in step S5, the remote control protocol RDP is used for remote control of the virtual machine in the special equipment box; multi-factor identity authentication is introduced, including mobile phone SMS verification codes and hardware tokens, to improve the security of control operations; and log information of remote control operations is recorded using a log management mechanism including ELK and Splunk.
Specifically, in step S6, backup software including Veeam and Acronis is used to back up the data of the special equipment regularly, and security audits are carried out to periodically check and improve the security measures of the remote operation and maintenance center.
Specifically, in step S7, security scanning and vulnerability assessment are performed regularly so that vulnerabilities and security problems in the special equipment box are found and repaired in time, and a firewall, intrusion detection and antivirus software are configured to improve the security of the special equipment box; a network access control list is configured to limit the network access authority of the special equipment box body, and a secure communication protocol is used for access to the special equipment box body; and a security audit tool including a SIEM system is used to carry out security inspection and monitoring of the remote operation and maintenance system of the special equipment box body, with the security audit results analyzed and evaluated regularly so that security problems are found and solved in time.
The special equipment box remote operation and maintenance system based on Internet of Things technology comprises a remote operation and maintenance center, a special equipment box monitoring module, a remote monitoring and analysis module, a remote control module and a security management module. The remote operation and maintenance center is the core of the whole system and is responsible for coordinating and managing the work of the four modules.
The special equipment box monitoring module comprises Internet of Things sensors and virtualization technology. The sensors are deployed in the special equipment box and acquire the working state, temperature, humidity and pressure information of the equipment in real time; they communicate with the remote operation and maintenance center using the MQTT and CoAP protocols, and the data are transmitted to the center for analysis and processing. The virtualization technology virtualizes the operating system and application programs in the special equipment box into a virtual machine, and network connection configuration ensures that the special equipment box and the remote operation and maintenance center can communicate in real time.
The remote monitoring and analysis module monitors and analyzes the virtual machine in the special equipment box body. A monitoring system tracks the performance indexes of the virtual machine in real time, including CPU utilization, memory utilization and disk space, and the module also collects the operation log of the virtual machine, recording its running state and abnormal conditions. By analyzing the working data and fault records of the special equipment, the module predicts the fault occurrence time and fault rate, so that maintenance and repair measures can be taken in advance. In addition, an alarm mechanism is triggered in time when the special equipment shows an abnormal condition: alarm rules are configured, and alarm information is pushed to operation and maintenance personnel in real time through an instant communication tool.
The remote control module remotely controls the virtual machine in the special equipment box through a remote control protocol; the operations include restarting, stopping and modifying configuration. To ensure security, an authority management mechanism strictly controls the authority for remote control operations so that only authorized users can operate, and during operation the log information of each remote control operation, including the operation time, content and operator information, is recorded.
The security management module covers data backup, security vulnerability management and network access control. Data backup is an important measure for ensuring data security: backup software regularly backs up the data of the special equipment to prevent loss. Security scanning and vulnerability assessment are carried out regularly so that vulnerabilities and security problems in the special equipment box body are found and repaired in time; the network access authority of the box body is limited, a firewall and an intrusion detection mechanism are configured, and a secure communication protocol ensures the security of the communication link. In addition, a security audit tool performs security inspection and monitoring of the remote operation and maintenance system of the special equipment box body, and the security audit results are analyzed and assessed regularly so that security problems are found and solved in time.
The special equipment box monitoring module acquires the working state and environmental parameters of the special equipment in real time through the Internet of Things sensors and the virtualization technology, and transmits the data to the remote monitoring and analysis module for real-time monitoring and analysis. The remote monitoring and analysis module uses the data transmitted by the special equipment box monitoring module to monitor the performance indexes of the virtual machines in the special equipment box in real time, and predicts the fault occurrence time and fault rate of the special equipment by analyzing its working data and fault records, so that maintenance and repair measures can be taken in advance. By acquiring the working state and environmental parameters of the special equipment, the special equipment box monitoring module also provides the security management module with real-time data, with the security state and possible security problems of the special equipment, and thus with a basis for security decisions. Because the remote control module operates on the special equipment, its actions may affect the security of the special equipment, so the remote control module and the security management module work together to ensure that remote control operations are secure.
Compared with the prior art, the invention has the beneficial effects that:
(1) The remote control module is matched with the security management module, so that the security of the special equipment box body when the special equipment box body is connected to a public network is ensured, and the risks of data leakage and hacking are reduced.
(2) Through real-time data transmission and security decision basis, a secure communication link can be provided, and the threat of eavesdropping and hijacking is reduced, so that the risk of sensitive information leakage is reduced.
(3) The fault occurrence time and fault rate of the special equipment can be predicted in advance through the prediction function of the remote monitoring and analysis module, so that maintenance and repair measures are taken in time; compared with the prior art, the method is more preventive and more reliable.
(4) Internet of Things sensor technology is fully applied, and real-time monitoring and analysis of the special equipment are realized through the remote monitoring and analysis module; compared with traditional remote monitoring, this is more intelligent and efficient.
Drawings
Fig. 1 is a schematic step diagram of a method for remote operation and maintenance of a special equipment box based on the internet of things technology;
Fig. 2 is a system frame diagram of a special equipment box remote operation and maintenance system based on the internet of things technology.
1-A remote operation and maintenance center; 2-a special equipment box monitoring module; 3-a remote monitoring and analyzing module; 4-a remote control module; 5-a security management module.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus consistent with some aspects of the disclosure as detailed in the accompanying claims.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in fig. 1 to 2, the remote operation and maintenance method for the special equipment box based on the internet of things technology comprises the following steps:
S1: analyzing the structure and characteristics of a special equipment box, determining the parameters and indexes to be monitored and controlled according to the operation and maintenance requirements and functional requirements of the special equipment box, designing a security architecture comprising network isolation, data encryption, identity authentication and access control functions, and introducing blockchain technology to realize decentralized identity authentication and data transmission;
S2: arranging an Internet of Things sensor in the special equipment box body to acquire the working state, temperature and humidity information of the equipment in real time; at the same time deploying virtualization technology so that the operating system and application programs in the special equipment box body are virtualized into virtual machines, then carrying out network connection configuration so that the special equipment box body is able to communicate with the remote operation and maintenance center 1;
S3: connecting the special equipment box with the remote operation and maintenance center 1 through Internet of Things technology, establishing a stable and reliable communication link, configuring a network security policy to ensure the security of the communication link, adopting end-to-end encryption to protect the confidentiality and integrity of data, and performing a network test to ensure normal communication between the special equipment box and the remote operation and maintenance center 1;
S4: the remote operation and maintenance center 1 monitors the running state of the virtual machine in the special equipment box, acquires the performance indexes and running log of the virtual machine, analyzes the working data and fault records of the special equipment, predicts the fault occurrence time and fault rate of the special equipment, and implements a real-time alarm function so that alarm information is received in time when the special equipment has an abnormal condition;
S5: the remote operation and maintenance center 1 remotely controls the virtual machine in the special equipment box body through the secure communication link to restart, stop and modify configuration, and at the same time implements an authority management mechanism that strictly controls the authority for remote control operations so that only authorized users can operate; in addition, a log of each remote control operation is recorded, including operation time, operation content and operator information, to facilitate tracing and auditing;
S6: backing up the data of the special equipment regularly to prevent data loss, and strengthening the security management of the remote operation and maintenance center 1 so that the special equipment box body is accessed only with legitimate and secure authority;
S7: implementing security vulnerability management to repair vulnerabilities and security problems in the special equipment box in time, implementing network access control to limit the network access rights of the special equipment box, and implementing security audits to carry out security inspection and monitoring of the remote operation and maintenance system of the special equipment box.
In step S1, the specific steps further include:
S1.1: using encryption algorithms, including AES and RSA, to protect the confidentiality of the data;
S1.2: introducing an identity authentication protocol, including OAuth and OpenID Connect, so that only authorized users can access the special equipment box body;
S1.3: implementing an access control list to limit the access rights of the special equipment box body, and using a blockchain to record the identity information of equipment and users, ensuring the uniqueness and tamper resistance of identities;
S1.4: implementing smart contracts to manage equipment access rights, ensuring the legitimacy and security of those rights.
In step S2, the specific steps further include:
S2.1: using sensor data acquisition technology, including MQTT and CoAP, to monitor the working state of the special equipment in real time;
S2.2: using VMware virtualization technology to isolate and flexibly allocate the resources of the special equipment;
S2.3: configuring a VPN connection to ensure secure and stable communication.
In step S3, the specific steps further include:
S3.1: using the HTTP protocol for communication between the special equipment box body and the remote operation and maintenance center 1;
S3.2: using the TLS protocol to encrypt the communication data, ensuring the security of data transmission.
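The patent leaves the TLS configuration of steps S3.1 and S3.2 unspecified, yet that configuration decides whether the link actually resists the hijacking and eavesdropping the Background names. The following is an added example, not code from the patent: it builds the weak client context a box could easily end up with (encryption without authenticating the center) beside a hardened one, and a policy check a deployment can run before opening the link. The CA bundle path is an assumption; nothing is read from disk here.

```python
import ssl
from typing import List, Optional

# Added example, not code from the patent: a TLS client context for the HTTPS link
# between the equipment box and the remote center (steps S3.1 and S3.2), shown as
# the weak configuration beside the hardened one, plus a policy check a deployment
# could run before opening the link. The CA bundle path is an assumption.


def weak_client_context() -> ssl.SSLContext:
    """Encrypts the link but never authenticates the center: open to hijacking."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                # must be cleared before verify_mode below
    ctx.verify_mode = ssl.CERT_NONE           # any certificate, including an attacker's, is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # legacy protocol versions allowed
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Requires a certificate chaining to a trusted CA whose name matches the center."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED and hostname checking on
    if ca_bundle:                             # pin trust to the operator's own CA (assumed path)
        ctx.load_verify_locations(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def link_policy_violations(ctx: ssl.SSLContext) -> List[str]:
    """Return the ways a context falls short of the S3 link policy (empty list = compliant)."""
    problems = []
    if not ctx.check_hostname:
        problems.append("hostname verification disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol versions below TLS 1.2 allowed")
    return problems


if __name__ == "__main__":
    print("weak:", link_policy_violations(weak_client_context()))
    print("hardened:", link_policy_violations(hardened_client_context()))
```

The weak context still shows a padlock in the sense that traffic is encrypted, which is why such settings survive in field deployments: the failure is only visible when a certificate check is actually performed. Running `link_policy_violations` at startup, and refusing to connect when it returns anything, turns the S3 network security policy into something the box enforces rather than something the documentation describes.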
In step S4, the specific steps further include:
S4.1: using a monitoring system including Prometheus to monitor the performance indexes of the virtual machines in the special equipment box in real time;
S4.2: analyzing and predicting the working data of the special equipment using a random forest;
S4.3: configuring an alarm rule that triggers an alarm when the box body temperature of the special equipment exceeds a threshold value;
S4.4: using a real-time messaging tool including RabbitMQ to push alarm information in real time.
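Steps S4.3 and S4.4 describe the alarm path in one sentence each. The following is an added example, not code from the patent, of what such a rule looks like when it has to run on real telemetry: it evaluates a temperature threshold over MQTT-style JSON messages of the kind the S2.1 sensors would send, debounces on consecutive samples so a single noisy reading does not page anyone, clears the alarm on recovery, and counts malformed frames rather than crashing on them. Raised and cleared alarms go to a publish callback standing in for the message broker; the field names, topic names, threshold and telemetry values are all constructed assumptions.

```python
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

# Added example, not code from the patent: an alarm rule of the kind step S4.3
# describes, evaluated over MQTT-style JSON telemetry from the box sensors
# (steps S2.1, S4.1). Raised and cleared alarms go to a publish callback that
# stands in for the message broker of step S4.4. Field names, topics and the
# threshold are assumptions; the telemetry below is constructed.


@dataclass
class AlarmRule:
    metric: str            # telemetry field to watch
    threshold: float       # raise when the value exceeds this
    consecutive: int = 2   # samples over threshold before raising (debounce)
    severity: str = "critical"


@dataclass
class AlarmEngine:
    rules: List[AlarmRule]
    publish: Callable[[str, dict], None]
    _streak: Dict[Tuple[str, str], int] = field(default_factory=dict)
    _active: Set[Tuple[str, str]] = field(default_factory=set)
    rejected: int = 0      # malformed messages seen: a sensor fault or a tampering signal

    def ingest(self, payload: bytes) -> List[dict]:
        """Evaluate one telemetry message; return the alarm events it produced."""
        try:
            msg = json.loads(payload)
            device = str(msg["device_id"])
        except (ValueError, KeyError, TypeError):
            self.rejected += 1
            return []
        events = []
        for rule in self.rules:
            value = msg.get(rule.metric)
            if not isinstance(value, (int, float)):
                continue                      # metric absent or not numeric: skip this rule
            key = (device, rule.metric)
            if value > rule.threshold:
                self._streak[key] = self._streak.get(key, 0) + 1
                if self._streak[key] >= rule.consecutive and key not in self._active:
                    self._active.add(key)     # raise once, not on every sample above threshold
                    events.append(self._emit("raised", device, rule, value, msg))
            else:
                self._streak[key] = 0
                if key in self._active:
                    self._active.discard(key)
                    events.append(self._emit("cleared", device, rule, value, msg))
        return events

    def _emit(self, state: str, device: str, rule: AlarmRule, value: float, msg: dict) -> dict:
        event = {"state": state, "device_id": device, "metric": rule.metric,
                 "value": value, "threshold": rule.threshold,
                 "severity": rule.severity, "ts": msg.get("ts")}
        self.publish(f"alarms/{device}", event)   # topic name is an assumption
        return event


def run_alarm_demo() -> List[dict]:
    """Feed constructed telemetry through one temperature rule; return what was published."""
    published: List[dict] = []
    engine = AlarmEngine(
        rules=[AlarmRule(metric="box_temp_c", threshold=72.0, consecutive=2)],
        publish=lambda topic, event: published.append({"topic": topic, **event}),
    )
    # Constructed sample readings: a slow rise past the threshold, then a recovery,
    # with one corrupted frame in between.
    samples = [70.5, 71.8, 72.0, 73.4, 74.1, 74.9, None, 60.2]
    for i, temp in enumerate(samples):
        if temp is None:
            engine.ingest(b"{not json")
            continue
        engine.ingest(json.dumps({"device_id": "box-07", "ts": 1700000000 + 60 * i,
                                  "box_temp_c": temp, "humidity_pct": 41}).encode())
    return published


if __name__ == "__main__":
    for event in run_alarm_demo():
        print(event)
```

Two details matter operationally. The rule clears at the same threshold it raises on, which is enough for a demonstration but flaps on a value hovering around 72 °C; a production rule uses a lower clear threshold. And the `rejected` counter deserves its own alarm: a box that suddenly sends unparseable frames is either failing or being interfered with, and both are conditions the S4 monitoring exists to surface.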
In step S5, the specific steps further include:
S5.1: using the remote control protocol RDP for remote control of the virtual machine in the special equipment box;
S5.2: introducing multi-factor identity authentication, including mobile phone SMS verification codes and hardware tokens, to improve the security of control operations;
S5.3: recording log information of remote control operations using a log management mechanism including ELK and Splunk.
In step S6, the specific steps further include:
S6.1: using backup software, including Veeam and Acronis, to back up the data of the special equipment regularly;
S6.2: conducting security audits and periodically inspecting and improving the security measures of the remote operation and maintenance center 1.
In the step S7, the specific steps further include:
S7.1: the security scanning and vulnerability assessment are carried out regularly, so that vulnerabilities and security problems in the special equipment box body can be found and repaired in time, and the security of the special equipment box body is improved by configuring a firewall, intrusion detection and antivirus software;
S7.2: configuring a network access control list, limiting the network access authority of the special equipment box body, and realizing the safe access to the special equipment box body by using a safe communication protocol;
S7.3: a security audit tool including a SIEM system is used for carrying out security inspection and monitoring on the remote operation and maintenance system of the special equipment box body, analyzing and evaluating security audit results regularly, and timely finding and solving security problems.
The invention can provide a safe communication link through real-time data transmission and a safety decision basis, thereby reducing the threat of eavesdropping and hijacking and further reducing the risk of sensitive information leakage; the fault occurrence time and the fault rate of the special equipment can be predicted in advance through the prediction function, so that measures are taken in time to maintain and repair, and compared with the prior art, the method has more preventive and reliable performance; the sensor technology of the Internet of things is fully applied, real-time monitoring and analysis of special equipment are realized, and compared with the traditional remote monitoring, the sensor technology of the Internet of things is more intelligent and efficient.
Example two
As shown in fig. 1 to 2, the special equipment box remote operation and maintenance system based on the internet of things technology comprises a remote operation and maintenance center 1, a special equipment box monitoring module 2, a remote monitoring and analysis module 3, a remote control module 4 and a security management module 5.
The remote operation and maintenance center 1 is a core of the whole system and is responsible for coordinating and managing the work of four modules, the special equipment box monitoring module 2 comprises an Internet of things sensor and a virtualization technology, the Internet of things sensor is deployed in a special equipment box and is used for acquiring the working state, temperature, humidity and pressure information of equipment in real time, the sensors communicate with the remote operation and maintenance center 1 by using an MQTT and CoAP protocol, data are transmitted to the center for analysis and processing, the virtualization technology virtualizes an operating system and an application program in the special equipment box into a virtual machine, and the special equipment box and the remote operation and maintenance center 1 can communicate in real time through network connection configuration.
The remote monitoring and analyzing module 3 is mainly used for monitoring and analyzing the virtual machine in the special equipment box, monitors performance indexes of the virtual machine in the special equipment box in real time through a monitoring system, including CPU utilization rate, memory utilization rate and disk space, acquires operation logs of the virtual machine, records operation states and abnormal conditions of the virtual machine, predicts failure occurrence time and failure rate of the special equipment through analyzing working data and failure records of the special equipment, and accordingly takes measures to maintain and repair in advance.
The remote control module 4 is used for remotely controlling the virtual machine in the special equipment box, and realizes the operation of remotely controlling the virtual machine through a remote control protocol, including restarting, stopping and modifying the configured operation, and in order to ensure the security, implementing an authority management mechanism, strictly controlling the authority of remote control operation, only an authorized user can perform the operation, and in the operation process, log information of the remote control operation including operation time, content and operator information is recorded.
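The authority management and audit logging of the remote control module 4 (and of steps S5.1 to S5.3 above), as an added example that is not code from the patent. The role names, the permission matrix, the session fields and the three constructed requests are assumptions; the audit record carries the operation time, content and operator information the description calls for.

```python
"""Authority management and audit logging for remote control operations
(added example, not code from the patent). Before a box's virtual machine is
restarted, stopped or reconfigured, the session must have completed
multi-factor authentication and the operator's role must permit the operation;
every attempt, allowed or denied, is written as a JSON line with operation
time, content and operator. Roles, permissions and session fields are assumed."""
import json
from datetime import datetime, timezone
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

CONTROL_OPERATIONS: FrozenSet[str] = frozenset({"restart", "stop", "modify_config"})

# Assumed policy: which operations each role may perform on a box VM.
PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "viewer": frozenset(),
    "operator": frozenset({"restart"}),
    "admin": CONTROL_OPERATIONS,
}


class AuthorizationError(Exception):
    """Raised when a remote control request is refused."""


class RemoteControlGateway:
    """Front door for remote control of box virtual machines."""

    def __init__(self, clock: Optional[Callable[[], datetime]] = None):
        self.audit_log: List[str] = []  # JSON lines, one per attempt
        self.dispatched: List[Tuple[str, str, dict]] = []
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def authorize(self, session: dict, operation: str) -> Optional[str]:
        """Return None when the operation is allowed, else the refusal reason."""
        if operation not in CONTROL_OPERATIONS:
            return "unknown operation"
        if not session.get("mfa_verified"):
            return "multi-factor authentication not completed"
        role = session.get("role", "")
        if operation not in PERMISSIONS.get(role, frozenset()):
            return f"role '{role}' is not permitted to '{operation}'"
        return None

    def execute(self, session: dict, box_id: str, operation: str,
                params: Optional[dict] = None) -> bool:
        """Check authority, write the audit record, then dispatch."""
        params = params or {}
        reason = self.authorize(session, operation)
        record = {
            "ts": self._clock().isoformat(),  # operation time
            "operator": session.get("user"),  # operator information
            "box_id": box_id,
            "operation": operation,           # operation content
            "params": params,
            "result": "allowed" if reason is None else "denied",
        }
        if reason is not None:
            record["reason"] = reason
        # Denied attempts are logged too, so a SIEM can alert on repeated refusals.
        self.audit_log.append(json.dumps(record, sort_keys=True))
        if reason is not None:
            raise AuthorizationError(reason)
        # A real deployment would reach the VM over the remote control protocol here.
        self.dispatched.append((box_id, operation, params))
        return True

    def denied_attempts(self) -> List[dict]:
        """Parse the audit log and return the refused attempts."""
        return [r for r in map(json.loads, self.audit_log) if r["result"] == "denied"]


def run_sample() -> RemoteControlGateway:
    """Replay three constructed requests against one gateway."""
    gw = RemoteControlGateway(
        clock=lambda: datetime(2024, 1, 11, 9, 30, tzinfo=timezone.utc))
    admin = {"user": "alice", "role": "admin", "mfa_verified": True}
    operator = {"user": "bob", "role": "operator", "mfa_verified": True}
    no_mfa = {"user": "carol", "role": "admin", "mfa_verified": False}
    gw.execute(admin, "box-01", "modify_config", {"vcpus": 4})
    for session, op in ((operator, "stop"), (no_mfa, "restart")):
        try:
            gw.execute(session, "box-01", op)
        except AuthorizationError:
            pass  # the refusal is already in the audit log
    return gw
```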
The security management module 5 relates to data backup, security vulnerability management and network access control, the data backup is an important measure for ensuring the security of data, backup software is used for regularly backing up the data of the special equipment so as to prevent the data from losing, meanwhile, security scanning and vulnerability assessment are regularly carried out, vulnerabilities and security problems in the special equipment box are timely found and repaired, network access authority of the special equipment box is limited, a firewall and an intrusion detection mechanism are configured, security of a communication link is ensured by using a security communication protocol, in addition, security audit tools are used for conducting security inspection and monitoring on a remote operation and maintenance system of the special equipment box, security audit results are regularly analyzed and assessed, and the security problems are timely found and solved.
The special equipment box monitoring module 2 acquires the working state and the environmental parameters of the special equipment in real time through the Internet of things sensor and the virtualization technology, and transmits data to the remote monitoring and analyzing module 3 for real-time monitoring and analysis.
The remote monitoring and analyzing module 3 monitors the performance index of the virtual machine in the special equipment box in real time by utilizing the data transmitted by the special equipment box monitoring module 2, and predicts the fault occurrence time and the fault rate of the special equipment by analyzing the working data and the fault record of the special equipment, so that measures are taken in advance to maintain and repair the special equipment.
The special equipment box monitoring module 2 provides real-time data of special equipment for the safety management module 5 by acquiring the working state and the environmental parameters of the special equipment, provides the safety state of the special equipment and possible safety problems for the safety management module 5, and provides the basis for safety decision of the safety management module 5.
The remote control module 4 operates the special equipment, which may affect the safety of the special equipment, so the remote control module 4 and the safety management module 5 are matched with each other to ensure the safety of remote control operation.
The remote control module 4 and the security management module 5 are mutually matched, so that the security of the special equipment box body when being connected to a public network is ensured, and the risks of data leakage and hacking are reduced; through real-time data transmission and security decision basis, a secure communication link can be provided, and the threat of eavesdropping and hijacking is reduced, so that the risk of sensitive information leakage is reduced; the fault occurrence time and the fault rate of the special equipment can be predicted in advance through the prediction function of the remote monitoring and analyzing module 3, so that measures are taken in time to maintain and repair, and compared with the prior art, the method has more preventive and reliable performance; the sensor technology of the internet of things is fully applied, the real-time monitoring and analysis of special equipment are realized through the remote monitoring and analysis module 3, and compared with the traditional remote monitoring, the intelligent remote monitoring system is more intelligent and efficient.
Claims (2)
1. A special equipment box remote operation and maintenance method based on the internet of things technology is characterized in that: the method comprises the following steps:
S1: analyzing the structure and the characteristics of a special equipment box, determining parameters and indexes to be monitored and controlled according to the operation and maintenance requirements and the function requirements of the special equipment box, designing a security architecture comprising network isolation, data encryption, identity authentication and access control functions, and introducing a blockchain technology to realize the decentralised identity authentication and data transmission;
S2: the method comprises the steps that an Internet of things sensor is arranged in a special equipment box body and used for acquiring the working state, temperature and humidity information of equipment in real time, meanwhile, a virtualization technology is deployed, an operating system and an application program in the special equipment box body are virtualized into virtual machines, then network connection configuration is carried out, and the special equipment box body is ensured to be capable of communicating with a remote operation and maintenance center (1);
S3: connecting the special equipment box with the remote operation and maintenance center (1) through the internet of things technology, establishing a stable and reliable communication link, configuring a network security policy, ensuring the security of the communication link, adopting end-to-end encryption to protect the confidentiality and the integrity of data, performing network test, and ensuring the normal communication between the special equipment box and the remote operation and maintenance center (1);
S4: the remote operation and maintenance center (1) monitors the running state of the virtual machine in the special equipment box, acquires the performance index and the running log of the virtual machine, analyzes the working data and the fault record of the special equipment, predicts the fault occurrence time and the fault rate of the special equipment, implements the real-time alarm function, and can timely receive alarm information when the special equipment has abnormal conditions;
S5: the remote operation and maintenance center (1) can remotely control the virtual machine in the special equipment box body through a safe communication link to restart, stop and modify configuration, and implement an authority management mechanism at the same time to strictly control the authority of the remote control operation, so that only authorized users can control the operation, and in addition, the log of the remote control operation is recorded, including operation time, operation content and operator information, so that the tracing and auditing are facilitated;
S6: the data of the special equipment is backed up regularly to prevent the data from being lost, and the safety management of the remote operation and maintenance center (1) is enhanced, so that the legal and safe authority for accessing the box body of the special equipment is ensured;
S7: the security vulnerability management is implemented, the vulnerabilities and the security problems in the special equipment box are repaired in time, the network access control is implemented, the network access authority of the special equipment box is limited, the security audit is implemented, and the security audit and the monitoring are carried out on a remote operation and maintenance system of the special equipment box;
In the step S1, an encryption algorithm, including AES and RSA, is used to protect confidentiality of data; an identity authentication protocol is introduced, wherein the identity authentication protocol comprises OAuth and OpenID Connect, so that only authorized users can access the special equipment box body; implementing an access control list to limit the access rights of the special equipment box body; using blockchain to record identity information of equipment and users, ensuring uniqueness and non-tamper property of identities; the intelligent contract is realized to manage the equipment access rights, so that the legitimacy and the security of the rights are ensured;
In the step S2, a sensor data acquisition technology comprising MQTT and CoAP is used to realize the real-time monitoring of the working state of special equipment; the VMware virtualization technology is used for realizing the isolation and flexible allocation of the resources of the special equipment; the VPN connection is configured, so that the safety and stability of communication are ensured;
In the step S3, the communication between the special equipment box body and the remote operation and maintenance center (1) is realized by using the HTTP protocol; the TLS protocol is used for encrypting communication data, so that the safety of data transmission is ensured;
In the step S4, a monitoring system including Prometheus is used to monitor performance indexes of the virtual machines in the special equipment box in real time; analyzing and predicting working data of special equipment by using a random forest; configuring an alarm rule, and triggering an alarm when the box body temperature of the special equipment exceeds a threshold value; an instant communication tool comprising RabbitMQ is used for realizing the real-time pushing of alarm information;
In the step S5, the remote control protocol RDP is used to realize remote control of the virtual machine in the special equipment box; multi-factor identity authentication is introduced, including mobile phone short message verification codes and hardware tokens, so that the safety of control operation is improved; recording log information of remote control operation by using a log management mechanism comprising ELK and Splunk;
In the step S6, backup software is used, wherein the backup software comprises Veeam and Acronis, and data of the special equipment are backed up regularly; implementing security audit, and periodically checking and improving security measures of the remote operation and maintenance center (1);
In the step S7, security scanning and vulnerability assessment are carried out regularly, vulnerabilities and security problems in the special equipment box body are found and repaired in time, firewall, intrusion detection and antivirus software are configured, and the security of the special equipment box body is improved; configuring a network access control list, limiting the network access authority of the special equipment box body, and realizing the safe access to the special equipment box body by using a safe communication protocol; and a security audit tool comprising a SIEM system is used for carrying out security inspection and monitoring on a remote operation and maintenance system of the special equipment box body, analyzing and evaluating security audit results regularly, and timely finding and solving security problems.
2. A special equipment box remote operation and maintenance system based on the internet of things technology is characterized in that: the system comprises a remote operation and maintenance center (1), a special equipment box monitoring module (2), a remote monitoring and analyzing module (3), a remote control module (4) and a safety management module (5), wherein the remote operation and maintenance center (1) is the core of the whole system and is responsible for coordinating and managing the work of the four modules, the special equipment box monitoring module (2) comprises an Internet of things sensor and a virtualization technology, the Internet of things sensor is deployed in a special equipment box and is used for acquiring the working state, temperature, humidity and pressure information of equipment in real time, the sensors communicate with the remote operation and maintenance center (1) by using an MQTT and CoAP protocol, data are transmitted to the center for analysis and processing, and the virtualization technology virtualizes an operating system and an application program in the special equipment box into a virtual machine which can ensure that the equipment box and the remote operation and maintenance center (1) can communicate in real time through network connection configuration; the remote monitoring and analyzing module (3) is mainly used for monitoring and analyzing the virtual machine in the special equipment box body, monitoring performance indexes of the virtual machine in the special equipment box body in real time through a monitoring system, wherein the performance indexes comprise CPU (central processing unit) utilization rate, memory utilization rate and disk space, meanwhile, acquiring operation logs of the virtual machine, recording operation states and abnormal conditions of the virtual machine, predicting the fault occurrence time and fault rate of the special equipment by analyzing the working data and fault records of the special equipment, so that measures are taken in advance for maintenance and repair, and in addition, an alarm mechanism is triggered timely when the special equipment has abnormal conditions, and alarm information is pushed to operation and maintenance personnel in real time through an instant communication tool by configuring alarm rules; the remote control module (4) is used for remotely controlling the virtual machine in the special equipment box, and realizes the operation of remotely controlling the virtual machine through a remote control protocol, wherein the operation comprises restarting, stopping and modifying the configuration, and in order to ensure the safety, an authority management mechanism is implemented, the authority of remote control operation is strictly controlled, only an authorized user can perform the operation, and in the operation process, the log information of the remote control operation, including the operation time, the content and the operator information, is recorded; the security management module (5) relates to data backup, security vulnerability management and network access control, wherein the data backup is an important measure for ensuring the security of data, backup software is used for regularly backing up the data of the special equipment so as to prevent the data from losing, security scanning and vulnerability assessment are carried out regularly, vulnerabilities and security problems in the special equipment box are found and repaired in time, network access rights of the special equipment box are limited, a firewall and an intrusion detection mechanism are configured, the security of a communication link is ensured by using a security communication protocol, in addition, security audit tools are used for carrying out security inspection and monitoring on a remote operation and maintenance system of the special equipment box, security audit results are analyzed and assessed regularly, and the security problems are found and solved in time;
The special equipment box monitoring module (2) acquires the working state and the environmental parameters of the special equipment in real time through the Internet of things sensor and the virtualization technology, and transmits data to the remote monitoring and analyzing module (3) for real-time monitoring and analysis; the remote monitoring and analyzing module (3) monitors performance indexes of the virtual machine in the special equipment box in real time by utilizing the data transmitted by the special equipment box monitoring module (2), and predicts the fault occurrence time and the fault rate of the special equipment by analyzing the working data and the fault record of the special equipment, so that measures are taken in advance to maintain and repair the special equipment; the special equipment box monitoring module (2) provides real-time data of special equipment for the safety management module (5) by acquiring the working state and environmental parameters of the special equipment, provides the safety state and possible safety problems of the special equipment for the safety management module (5), and provides a basis for safety decision of the safety management module (5); the remote control module (4) may affect the safety of the special equipment by operating it, so the remote control module (4) and the safety management module (5) are required to be matched with each other to ensure the safety of remote control operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410045329.3A CN117938478B (en) | 2024-01-11 | 2024-01-11 | Special equipment box remote operation and maintenance method and system based on Internet of things technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117938478A CN117938478A (en) | 2024-04-26 |
CN117938478B true CN117938478B (en) | 2024-08-09 |
Family
ID=90762429
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410045329.3A Active CN117938478B (en) | 2024-01-11 | 2024-01-11 | Special equipment box remote operation and maintenance method and system based on Internet of things technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117938478B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118524117B (en) * | 2024-06-11 | 2024-10-22 | 无锡职业技术学院 | Internet of things safety detection method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102385370A (en) * | 2011-09-30 | 2012-03-21 | 东南大学 | System and method for monitoring energy efficiency of economical coal-fired boiler |
CN107645410A (en) * | 2017-09-05 | 2018-01-30 | 郑州云海信息技术有限公司 | A kind of virtual machine management system and method based on OpenStack cloud platforms |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102035557B1 (en) * | 2017-10-31 | 2019-10-23 | (주)엠투엠테크 | IoT based elevator pervasive autonomous system and method |
CN211062177U (en) * | 2020-03-27 | 2020-07-21 | 重庆金交劲通科技股份有限公司 | Special equipment monitoring system based on BIM technology |
CN115002167B (en) * | 2022-07-28 | 2022-11-11 | 国能大渡河检修安装有限公司 | Cloud-edge cooperative intelligent control system and method for hoisting equipment and readable storage medium |
CN117332922A (en) * | 2023-10-08 | 2024-01-02 | 江西理工大学 | Full life cycle safety supervision method and system for special equipment |
Also Published As
Publication number | Publication date |
---|---|
CN117938478A (en) | 2024-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Panchal et al. | Security issues in IIoT: A comprehensive survey of attacks on IIoT and its countermeasures | |
EP3101586B1 (en) | Active response security system for industrial control infrastructure | |
Ahmed et al. | Scada systems: Challenges for forensic investigators | |
CN109739203B (en) | Industrial network boundary protection system | |
EP3639179A1 (en) | Collection of plc indicators of compromise and forensic data | |
CN110233817B (en) | Container safety system based on cloud computing | |
CN112511494B (en) | Safety protection system and method suitable for electric power intelligent terminal equipment | |
CN214306527U (en) | Gas pipe network scheduling monitoring network safety system | |
Ferencz et al. | Review of industry 4.0 security challenges | |
CN117938478B (en) | Special equipment box remote operation and maintenance method and system based on Internet of things technology | |
AbuEmera et al. | Security framework for identifying threats in smart manufacturing systems using STRIDE approach | |
Khodabakhsh et al. | Cyber-risk identification for a digital substation | |
CN111193738A (en) | Intrusion detection method of industrial control system | |
Dondossola et al. | Effects of intentional threats to power substation control systems | |
CN117978635A (en) | Monitoring method and device based on cloud data | |
CN112532612A (en) | Industrial control network safety protection system | |
Zahid et al. | A security risk mitigation framework for cyber physical systems | |
Rencelj Ling et al. | Securing communication and identifying threats in rtus: A vulnerability analysis | |
Wali | Analysis of security challenges in cloud-based SCADA systems: A survey | |
Yang et al. | Cybersecurity analysis of wind farm industrial control system based on hierarchical threat analysis model framework | |
CN107516039A (en) | Security protection method and device for virtualization system | |
Maulana et al. | Analysis of the demilitarized zone implementation in Java Madura Bali electrical systems to increase the level of IT/OT cyber security with the dual DMZ firewall architecture method | |
Falk et al. | Enhancing integrity protection for industrial cyber physical systems | |
Falk et al. | System Integrity Monitoring for Industrial Cyber Physical Systems | |
Wu et al. | Trustworthy Protection Technology for Industrial Internet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||