Industrial Internet intrusion detection as well as defense method and device

Abstract

The invention discloses an industrial Internet intrusion detection as well as defense method and device. In the invention, a white list check method is adopted, i.e. only if the requested service in a service request and the client sending the request conform to those of the white list, the request is accepted; and if not, the request is refused. Compared with the black list mode checking 1 to N, the detection mode does not require a database with a great number of harmful information feature codes and does not require to upgrade the database continuously, thus the detection time is greatly shortened, the demands on software and hardware are very low and the user cost is reduced. In addition, as the industrial Internet is different from the World Wide Web, i,e, the client base of the industrial Internet is limited and fixed and the services provided by the industrial Internet are limited and fixed, the industrial Internet requires to use the data and information of specific applications and can refuse the disrelated data and information request. Therefore, the industrial Internet is extremely suitable for the white list check method; and by adopting the white list mode, the attacks of external undesirable programs on the industrial Internet can be effectively prevented and the safety of the industrial Internet can be ensured.

Description

technical field [0001] The invention relates to an industrial Internet intrusion detection and defense technology. Background technique [0002] With the rapid development of industrial automation control, more and more industrial enterprises use their internal (or private) network to interconnect their production process special equipment or industrial intelligent equipment (Intelligent Electric Device, referred to as "IED") to form a production Control system network. This kind of internal (or private) network used by industrial enterprises is called the Industrial Internet. Generally speaking, the Industrial Internet must have some special structures and functions that satisfy industrial automation control. [0003] With the development of the industrial Internet, use the hardware and software facilities of the existing public network (World Wide Internet) to remotely connect to an industrial Internet, and perform remote centralized monitoring and remote maintenance of ...

AI Technical Summary

Problems solved by technology

[0007] 1. The firewall cannot resist the latest attack virus with no policy set

2. Most of the attacks on the legally opened ports of the server cannot be prevented by the firewall

3. Firewalls generally cannot prevent internal attacks that actively initiate connections

4. The firewall itself will also have problems and be attacked: it may also be attacked and have software / hardware failures

5. The limit on the number of concurrent connections of the firewall can easily lead to congestion or overflow: due to the need to judge and process each packet passing through the firewall, the firewall is likely to become the bottleneck of the entire network in some cases with large traffic and many concurrent requests. affect performance

However, VPN has the following disadvantages: 1. VPN is mainly used in the link layer. In the link layer, there is no unified encryption standard at present, so all link layer encryption schemes are basically designed by the manufacturers themselves, and special encryption is required. encryption hardware, which requires high hardware

2. VPN encrypts all data packets, we cannot use any method to monitor this kind of behavior

3. VPN can only protect the end-to-end access of the host

Images