Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safety data acquisition and anomaly detection method and system facing industrial control network

An industrial control network and security data technology, applied in the field of security data collection and anomaly detection, can solve the problems of inability to cope with APT attacks, limited security data collection range, restricting the implementation and promotion of security solutions, etc., to improve the ability to resist APT attacks , the effect of reducing casualties and property damage

Active Publication Date: 2016-09-21
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF8 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] To sum up, the existing security solutions for industrial control networks generally have four problems: (1) The scope of security data collection is limited--some solutions are based on data generated by firewalls, IDS and other security devices for analysis, but the security The equipment is deployed on the control layer, and the real state of the on-site control equipment cannot be obtained; (2) The security data collection does not fully consider the characteristics of the industrial control network--some solutions only consider how to improve the security of the industrial control network, but ignore The implementation of the scheme will have a negative impact on the availability and reliability of the industrial control network, thus seriously restricting the implementation and promotion of the security scheme; (3) Anomaly detection requires preconditions - the premise of some schemes is that there is no abnormality (4) Anomaly detection cannot cope with APT attacks--some solutions limit the detection scope to certain types of devices or certain network paths, and the detection of isolated data points cannot detect APT attacks in time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety data acquisition and anomaly detection method and system facing industrial control network
  • Safety data acquisition and anomaly detection method and system facing industrial control network
  • Safety data acquisition and anomaly detection method and system facing industrial control network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the present invention will be described in detail below in conjunction with the accompanying drawings.

[0032] 1. figure 1 It is a schematic diagram of the system operation flow chart of the present invention. Such as figure 1 As shown, the system includes:

[0033] 1) The security data collection subsystem is composed of a host device data collection module, a network device data collection module, a control device data collection module and an elastic collection strategy module. And generate a security message in JSON format, and the security message is stored in a distributed database; the assets include Web server, mail server, ERP system server, OA system server, host computer, history library server, real-time library server, Switches, firewalls, one-way gatekeepers, IDS / IPS, PLC controllers, DCS controllers, etc.;

[0034] 2) The anomaly dete...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a safety data acquisition and anomaly detection method and system facing an industrial control network. The safety data acquisition and anomaly detection method comprises two parts: safety data acquisition and anomaly detection, wherein for the safety data acquisition part, the multi-layer and multi-type of safety data in the industrial control network is acquired based on an elastic acquisition strategy, and a safety message with a unified format is formed; and for the anomaly detection part, the safety message is analyzed and anomaly of asset allocation in the industrial control network is discovered through detection by means of configuration of a baseline, and anomaly of the operation behavior in the industrial control network is discovered through control and operation of consistency detection. The safety data acquisition and anomaly detection method and system face the industrial control network, and can improve the capability of the industrial control network of opposing APT attack, on the basis of guaranteeing the availability and reliability of the industrial control network.

Description

technical field [0001] The present invention relates to the field of computer networks, and more specifically, to a method and system for safe data collection and anomaly detection oriented to industrial control networks. Background technique [0002] In the context of Industry 4.0, a large number of IT network technologies have been introduced into the industrial control network, and the previous independent and closed situation of the industrial control network has been gradually broken. The Stuxnet incident in 2010 has drawn widespread attention to the security of industrial control networks, and various countries have launched research on the security of industrial control networks. However, the characteristics of industrial control networks that emphasize availability and reliability determine that traditional network security devices cannot be directly deployed in industrial control networks, and traditional network security devices cannot cope with the threat of APT a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L12/26
CPCH04L41/0853H04L41/0869H04L43/024
Inventor 陈凯王利明
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products