Industrial control flow acquisition and protocol analysis method

A protocol analysis and traffic collection technique applied in the field of industrial control traffic collection and protocol analysis. It addresses problems that affect the safe and stable operation of industrial control networks and information systems whose system operations cannot be replaced manually, and it provides powerful data retrieval and analysis capabilities together with fast log analysis and querying to avoid potential risks.

Inactive Publication Date: 2019-11-01
CHINA TOBACCO ZHEJIANG IND

AI Technical Summary

Problems solved by technology

[0003] Subsequently, information security management has gradually exposed some problems, mainly in the following aspects. First, with the deepening integration of the "two modernizations", the production network (wired and wireless), the office network (wired and wireless) and the Internet have become interconnected, so the industrial control network and its systems directly face the security threats brought by the Internet. Second, the core business systems of the industrial control network are mainly concentrated in the industrial control network layer (involving silk making, coiling, warehouse management and other systems); they are highly informatized and interact with multiple systems, and system operations cannot be replaced manually, so once a security incident occurs, the impact on production is obvious. Third, the industrial control network layer currently lacks unified and effective technical protection measures for industrial production networks, and its level of security defense urgently needs to be improved; it is a blind spot and weak point in network information security protection. Once an industrial control network security incident occurs, it may affect the safe and stable operation of the industrial control network and information systems of the entire factory production workshop.

Examples


Embodiment 1

[0042] As shown in Figure 1, the embodiment of the present invention provides a method for collecting and analyzing industrial control traffic, including the following steps:

[0043] Step (1) data collection, that is, to obtain data based on the mirror port of the industrial control network switch;

[0044] The purpose of data collection is to provide basic data sources for subsequent data analysis, so as to realize the discovery of abnormal network behavior through the analysis of industrial control network communication.

[0045] In a specific implementation manner of the embodiment of the present invention, the step (1) is specifically:

[0046] (1.1) Deploy traffic collection device 2 beside industrial control network switch 1. Traffic collection device 2 collects data through the mirror port of industrial control network switch 1 and, at the same time, connects its own communication port to the management network in order to return data; see Figure 2...

Embodiment 2

[0079] In order to ensure that the flow data after data preprocessing can be accurately and timely transmitted to the third-party management system, on the premise that the data transmission has a correct queue mechanism, the method of the present invention also designs the synchronous and asynchronous modes of data return;

[0080] Specifically, the difference between the embodiment of the present invention and embodiment 1 is:

[0081] As shown in Figure 4, the method also includes:

[0082] Regularly detect whether the interface to the external backhaul network is connected or disconnected. If the detection result is normal, the data will be returned; the data is sent to the third-party system according to the queue mechanism;

[0083] Each data record carries a timestamp. Once data transmission fails due to a network abnormality, the local storage space can be used to cache the failed data. After the network is restored, the cached data can be sent...
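The timestamped queue-and-cache return described in [0082] and [0083] can be sketched as follows. This is an added example, not code from the patent; the class `BackhaulQueue`, the `send` and `link_up` callables and the bounded cache size are assumptions made for illustration.

```python
import time
from collections import deque


class BackhaulQueue:
    """Timestamped store-and-forward queue for returning preprocessed records."""

    def __init__(self, send, link_up, max_cached=10_000):
        self.send = send        # assumed callable: delivers one record, raises OSError on failure
        self.link_up = link_up  # assumed callable: True while the backhaul interface is connected
        self.cache = deque()    # local cache, oldest record first
        self.max_cached = max_cached
        self.dropped = 0        # records lost because the local cache was full

    def submit(self, payload, now=None):
        """Stamp a record at capture time, queue it, then try to return it."""
        if self.cache and len(self.cache) >= self.max_cached:
            self.cache.popleft()  # bounded storage: evict the oldest and count the loss
            self.dropped += 1
        self.cache.append({"ts": time.time() if now is None else now, "payload": payload})
        return self.flush()

    def flush(self):
        """Periodic link check: send cached records in order while the link is up."""
        sent = 0
        while self.cache and self.link_up():
            try:
                self.send(self.cache[0])
            except OSError:
                break             # keep the record cached and retry on the next check
            self.cache.popleft()
            sent += 1
        return sent


def demo():
    """Constructed scenario: two records arrive during an outage, one after recovery."""
    link = {"up": False}
    delivered = []
    q = BackhaulQueue(delivered.append, lambda: link["up"], max_cached=100)
    q.submit("session-A", now=100.0)
    q.submit("session-B", now=101.0)
    cached_during_outage = len(q.cache)
    link["up"] = True
    q.submit("session-C", now=102.0)
    return cached_during_outage, delivered, q.dropped
```

Because each record is stamped when it is queued rather than when it is delivered, the receiving system can still rebuild the correct event timeline after an outage; the `dropped` counter exposes any loss from a full cache.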


Abstract

The invention discloses an industrial control traffic acquisition and protocol analysis method. The method comprises the following steps: acquiring data based on a mirror port of an industrial control network switch; preprocessing the acquired data, wherein the preprocessing comprises restoring transport-layer network sessions, identifying the application protocol and extracting structured metadata; storing separately, by category, the various types of data produced by restoring transport-layer sessions, identifying the application protocol and extracting structured metadata; and, according to a set rule, monitoring and analyzing the classified and stored data to find abnormal data. According to the invention, traffic data is accessed in mirror mode, which avoids the hidden risks of deploying in-line equipment. Meanwhile, a five-layer processing architecture of acquisition, preprocessing, analysis, storage and return is established; the role of each layer is clear, which gives clear guidance for the acquisition and analysis of industrial control traffic and avoids overlapping roles between layers.
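The preprocessing, classified storage and rule-based monitoring steps of the abstract can be illustrated on a small constructed capture. This is an added example, not code from the patent. It assumes Modbus/TCP on port 502 as the application protocol (the page names none), an allowlist rule for write requests, and hypothetical names and addresses throughout.

```python
import struct
from collections import defaultdict

MODBUS_PORT = 502             # assumed: standard Modbus/TCP server port
WRITE_FUNCS = {5, 6, 15, 16}  # Modbus function codes that change device state


def session_key(pkt):
    """Direction-independent TCP session key, so both halves land together."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (ends[0], ends[1])


def parse_modbus(payload):
    """Identify a Modbus/TCP ADU by its MBAP header; return metadata or None."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    if proto != 0 or length != len(payload) - 6:
        return None  # not Modbus/TCP, or a truncated or coalesced segment
    return {"protocol": "modbus", "transaction": tid, "unit": unit, "function": func}


def analyze(packets, write_allowlist):
    """Restore sessions, extract metadata, store by class, apply one rule."""
    store = {"sessions": defaultdict(list), "metadata": [], "unknown": [], "alerts": []}
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        store["sessions"][session_key(pkt)].append(pkt["ts"])
        meta = parse_modbus(pkt["payload"])
        if meta is None:
            store["unknown"].append(pkt["ts"])
            continue
        meta.update(ts=pkt["ts"], src=pkt["src"], dst=pkt["dst"])
        store["metadata"].append(meta)
        # Rule (assumed): only allowlisted hosts may send write requests to a device.
        is_request = pkt["dport"] == MODBUS_PORT
        if is_request and meta["function"] in WRITE_FUNCS and pkt["src"] not in write_allowlist:
            store["alerts"].append(meta)
    return store


def adu(tid, func, addr, value, unit=1):
    """Build a constructed 12-byte Modbus/TCP request for the sample capture."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)


SAMPLE = [  # constructed packets, as decoded from a mirror-port capture
    {"ts": 1.0, "src": "10.0.0.5", "sport": 40001, "dst": "10.0.0.20", "dport": 502, "payload": adu(1, 3, 0, 2)},
    {"ts": 2.0, "src": "10.0.0.5", "sport": 40001, "dst": "10.0.0.20", "dport": 502, "payload": adu(2, 6, 10, 99)},
    {"ts": 3.0, "src": "10.0.0.77", "sport": 40555, "dst": "10.0.0.20", "dport": 502, "payload": adu(7, 6, 10, 0)},
    {"ts": 4.0, "src": "10.0.0.77", "sport": 40555, "dst": "10.0.0.20", "dport": 502, "payload": b"\x16\x03\x01"},
]
```

Calling `analyze(SAMPLE, {"10.0.0.5"})` groups the four packets into two sessions, stores three Modbus metadata records and one unidentified payload, and raises a single alert for the write request from the host that is not on the allowlist.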

Description

Technical field

[0001] The invention belongs to the technical field of computer systems, and in particular relates to a method for collecting and analyzing industrial control traffic.

Background technique

[0002] In recent years, as the industry has vigorously advocated the integration of the two (informatization and industrialization), the core business system represented by the MES system has connected the office network and the industrial control production network because of its own management and data interaction requirements. The industrial control networks and information systems that traditionally existed in production workshops and elevated warehouses are no longer closed and isolated. The industrial control network has gradually integrated into the cigarette factory's internal office network and is even physically connected to the external WAN, becoming an important part of the cigarette factory's corporate network.

[0003] Subsequently, information security manage...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, H04L12/26, H04L12/24
CPC: H04L41/0631, H04L41/069, H04L43/0876, H04L69/22
Inventor: 蒋一翔, 张成挺, 方利梅, 徐琦, 叶志晖, 冯海
Owner: CHINA TOBACCO ZHEJIANG IND