CIP asset detection method and device, computer equipment and readable storage medium
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A detection method and asset technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as inability to obtain industrial control equipment, unfavorable industrial control environment analysis and targeted protection, and unfavorable industrial control equipment statistics and management.
Active Publication Date: 2021-03-09
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF5 Cites 6 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0004] An object of the present invention is to propose a detection method, device, computer equipment and readable storage medium for CIP assets, so as to solve the problem that the existing industrial control protection system cannot obtain industrial control equipment based on CIP protocol communication in the current environment, which is not conducive to The statistics and management of PLC and other industrial control equipment are not conducive to the analysis and targeted protection of the industrial control environment
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0059] This embodiment provides a method for detecting CIP assets. figure 1 is a flow chart of a method for detecting CIP assets according to an embodiment of the present application, such as figure 1 As shown, the process includes the following steps S101-S109:
[0060] Step S101, collecting network traffic and performing network image analysis to obtain an IP-MAC relationship pair, and obtaining a preset MAC address from the IP-MAC relationship pair;
[0061] Wherein, after the step of collecting network traffic and performing network image analysis to obtain an IP-MAC relationship pair, and taking a preset MAC address from the IP-MAC relationship pair, the method also includes:
[0062] Query whether there is an ARP response message in the database;
[0063] If yes, update the preset MAC address according to the response message information.
[0064] Step S102, judging whether the preset MAC address is unique in the database.
[0065] Wherein, after the step of judging ...
Embodiment 2
[0120] image 3 is a structural block diagram of a detection device for CIP assets according to an embodiment of the present application, such as image 3 As shown, the device includes:
[0121] Traffic analysis module: used to collect network traffic and perform network image analysis to obtain an IP-MAC relationship pair, and obtain a preset MAC address from the IP-MAC relationship pair;
[0122] MAC address uniqueness query module: used to determine whether the preset MAC address is unique in the database;
[0123] Network card manufacturer information query module: for if so, then query the OUI file of IEEE according to the preset MAC address to obtain network card manufacturer information;
[0124] Network card manufacturer judgment module: used to judge whether the network card manufacturer corresponding to the network card manufacturer information is an automation equipment manufacturer;
[0125] CIP protocol judging module: for if not, judging whether the device to ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention provides a CIP asset detection method and device, computer equipment and a readable storage medium, and the method comprises the steps: collecting network flow, carrying out the networkmirror image analysis to obtain an IPMAC relation pair, and taking a preset MAC address from the IPMAC relation pair; judging whether the preset MAC address is unique in a database or not; if so, querying an OUI file of the IEEE according to a preset MAC address to obtain network card manufacturer information; judging whether a network card manufacturer corresponding to the network card manufacturer information is an automatic equipment manufacturer or not; if not, judging whether the equipment to which the preset MAC address belongs is subjected to CIP protocol communication or not; if so, judging that the equipment to which the preset MAC address belongs is receiving equipment for receiving the instruction; and setting the equipment information with the nearest MAC distance as the equipment information of the receiving equipment. Based on deep analysis of the Ethernet/IP-CIP protocol, the CIP assets are identified in combination with the acquired message characteristics of the CIP protocol, statistics and management of industrial control equipment such as a PLC and a DCS are facilitated, and the method is used for performing analysis and targeted protection for the industrial control environment.
Description
technical field [0001] The invention relates to the field of industrial control, in particular to a detection method, device, computer equipment and readable storage medium of CIP assets. Background technique [0002] At present, with the development of the Internet and the reduction of the difficulty and cost of network attacks, industrial control systems have become the targets of today's cyber forces, hackers, and extremist forces, and these have also posed a huge threat to the security of our country. Therefore, in order to protect the industrial control system, it is necessary to carry out basic identification and statistics on the industrial control assets in the industrial environment through the management operation and maintenance personnel. [0003] However, in industrial networks, due to the complexity of production scenarios and the particularity of industrial protocols, there is no relevant protection system that can identify and count assets of the Ethernet / IP-...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more 
Login to view more