Passive industrial control network topology discovery method and industrial control network security management system

Abstract

The invention discloses a passive industrial control network topology discovery method and an industrial control network security management method and system. The passive industrial control network topology discovery method comprises the following steps: determining a core switch of a tested industrial control network; setting one port of the core switch as a mirror image port, and setting otherports as source ports; sniffing the communication data packet of the tested industrial control network through the mirror image port; carrying out dimension reduction processing on the sniffed data packet; classifying the data packets subjected to dimension reduction by adopting a CART classification tree model to obtain a classification result, wherein the classification result represents the connection type between the equipment represented by the source address of the data packet and the equipment represented by the destination address of the data packet, and the connection type comprises the connection between the switch and the router, the connection between the host and the switch and the connection between the switches; and determining the topological structure of the tested industrial control network according to the classification result. According to the invention, the topological structure of the tested industrial control network can be quickly and completely determined, andthe safety of the tested industrial control network is managed.

Description

technical field [0001] The invention relates to the fields of industrial control and network security, in particular to a passive industrial control network topology discovery method and an industrial control network security management system. Background technique [0002] With the introduction of the concept of "Industrial Internet" in the United States and the implementation of "Industry 4.0" in Germany, the integration of the two has become the general trend. Since the traditional industrial system only considered its practicality at the beginning of its construction and did not consider security issues, its vulnerability was completely exposed in the mutual integration with the Internet, resulting in an endless stream of network security incidents, especially for industrial control systems, etc. The invasion and attack of national infrastructure has seriously affected the national economy and people's livelihood of the country. Effectively detecting the network securit...

AI Technical Summary

Problems solved by technology

However, although the passive monitoring method of obtaining all network communication packets by means of port mirroring can completely obtain its communication information, its disadvantages are: the amount of information obtained is large and complex, and most of it is useless information. Processing relevant data to obtain complete topology information will affect the integrity of its topology structure. Therefore, a fast and complete method for extracting network topology information is very important for obtaining complete network topology

Images