Unlock instant, AI-driven research and patent intelligence for your innovation.

A method for accelerating industrial control firewall rule matching

A firewall and rule technology, which is applied in the field of industrial control system network, can solve the problems of not being able to prioritize fast matching, and achieve the effects of reducing matching comparison time, small amount of upgrade changes, and accelerating processing speed

Active Publication Date: 2019-08-06
BEIDOU TIANDI CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] 3. For high-frequency data packets, fast matching cannot be prioritized

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for accelerating industrial control firewall rule matching

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The technical solutions of the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention.

[0029] Such as figure 1 As shown, a method for accelerating industrial control firewall rule matching according to the present invention comprises the following steps:

[0030] 1) Decoding the network data message to obtain some key field information;

[0031] 2) Divide the whitelist rule list into three groups, which are recorded as high-frequency rule table, medium-frequency rule table and low-frequency rule table respectively, and use traditional methods to organize and store them;

[0032] 3) Match the network data message processed in step 1) with the high-frequency rule table, if the match is successful, then end, and process the match successfully, if the match fails, then enter step 4);

[0033] 4) match the network data message after step 1) processing with the middle frequency rule table, if...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for accelerating industrial control firewall rule matching. The method comprises the following steps: 1) performing decoding processing on a network data message; 2) dividing white list rule lists into a high frequency rule list, a medium frequency rule list and a low frequency rule list; 3) matching the decoded network data message with the high frequency rule list, terminating in the case of matching success, and executing step 4) in the case of matching failure; 4) matching the decoded network data message with the medium frequency rule list, terminating in the case of matching success, and executing step 5) in the case of matching failure; and 5) matching the decoded network data message with the low frequency rule list, terminating in the case of matching success, and performing matching failure processing in the case of matching failure. By adoption of the method disclosed by the invention, the rule matching mode can be automatically adjusted and optimized according to the condition of the network data message; and when the network load is relatively large, the rule matching speed is obviously accelerated to shorten the rule matching time and shorten the network data delay.

Description

technical field [0001] The invention relates to the technical field of industrial control system network, in particular, to a method for accelerating the matching of industrial control firewall rules. Background technique [0002] The industrial control system network is a network composed of industrial automation production equipment. Unlike the IT network, the industrial control network has a proprietary communication protocol and communication mechanism, which requires higher real-time network performance. According to the characteristics of the industrial control network, Xi'an Yankuang proposed a "white environment" solution, that is, "only trusted devices can access the control network; only trusted messages can be transmitted on the network; only trusted software before it is allowed to be executed". [0003] Since the industrial control firewall needs to intercept network data packets in real time and perform whitelist rule matching to determine whether to release t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/20Y02D30/50
Inventor 刘坤彭继国侯双双张波
Owner BEIDOU TIANDI CO LTD