Industrial anomaly monitoring method and device, computer equipment and readable storage medium

An industrial anomaly monitoring technology, applied in the fields of computer equipment and readable storage media, that addresses problems such as incomplete monitoring, industrial systems vulnerable to attack, and insufficiently deep protocol analysis, so as to avoid intrusion attacks.

Active Publication Date: 2021-03-09
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] An object of the present invention is to propose an industrial anomaly monitoring method, device, computer equipment and readable storage medium, to solve the problem that existing industrial control protection methods cannot be combined with the actual environment and do not analyze the protocol in depth, so that monitoring is not comprehensive and industrial systems are vulnerable to attack.


Examples


Embodiment 1

[0044] This embodiment provides an industrial abnormality monitoring method. Figure 1 is a flow chart of an industrial abnormality monitoring method according to an embodiment of the present application. As shown in Figure 1, the process includes the following steps S101-S107:

[0045] Step S101, collecting message data of the Ethernet/IP-CIP protocol monitoring port.

[0046] The message data of the Ethernet/IP-CIP protocol monitoring port includes explicit messages and implicit messages.

[0047] Step S102, parsing the message data to obtain the Ethernet/IP message header.

[0048] Before the step of parsing the message data to obtain the Ethernet/IP message header, all message data is filtered by port to extract the CIP protocol messages.

[0049] Step S103, judging whether the protocol is compliant according to the message header.

[0050] Step S104, if the protocol is compliant, perform in-depth analysis of the CIP protocol to o...

Embodiment 2

[0087] Figure 3 is a structural block diagram of an industrial anomaly monitoring device according to an embodiment of the present application. As shown in Figure 3, the device includes:

[0088] Data collection module: used to collect the message data of the Ethernet/IP-CIP protocol monitoring port.

[0089] Application layer parsing module: used to parse the message data to obtain the Ethernet/IP message header.

[0090] Protocol compliance judging module: used to judge whether the protocol is compliant according to the message header.

[0091] Application layer protocol analysis module: used to conduct in-depth analysis of the CIP protocol, if the protocol is compliant, to obtain the instruction code and the process parameters under the instruction code.

[0092] Whitelist generation module: used to generate a CIP protocol whitelist based on the instruction code and the process parameters under the instruction code, combined with IP, port, and protocol type, and set whitelist rules ac...


Abstract

The invention provides an industrial anomaly monitoring method and device, computer equipment and a readable storage medium. The method comprises the following steps: collecting message data of an Ethernet/IP-CIP protocol monitoring port; parsing the message data to obtain an Ethernet/IP message header; judging whether the protocol is compliant according to the message header; if so, performing deep analysis of the CIP protocol to obtain an instruction code and the process parameters under the instruction code; generating a CIP protocol whitelist according to the instruction code and the process parameters under the instruction code, in combination with the IP, the port and the protocol type, and setting a whitelist rule according to the CIP protocol whitelist; and collecting real-time message data, and judging whether the IP, the port and the application layer protocol of the real-time message data, and the process parameters under the instruction code obtained after analysis, match the whitelist rule. Abnormal operation attack behavior in the industrial environment is identified through deep analysis of the Ethernet/IP-CIP protocol, in combination with the specific content and behavior of CIP protocol messages and intelligent matching of key field process data.
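The steps in the abstract, sketched as an added example; this is not code from the patent or its applicant. The 24-byte encapsulation header, command codes and item types follow the public EtherNet/IP specification, while the whitelist key, the min/max range test, the single-integer parameter encoding, and the names `classify` and `sample` are assumptions made for illustration.

```python
import struct

ENIP_COMMANDS = {0x0004, 0x0063, 0x0064, 0x0065, 0x0066, 0x006F, 0x0070}  # common ones
SEND_RR_DATA, UNCONNECTED_ITEM = 0x006F, 0x00B2

def parse_enip(payload):
    """S102-S103: parse the 24-byte encapsulation header and check compliance."""
    if len(payload) < 24:
        return None
    cmd, length, _sess, _status, _ctx, options = struct.unpack_from("<HHII8sI", payload)
    ok = cmd in ENIP_COMMANDS and length == len(payload) - 24 and options == 0
    return (cmd, payload[24:]) if ok else None

def parse_cip(cmd, body):
    """S104: return (service code, request path, request data) from SendRRData."""
    if cmd != SEND_RR_DATA or len(body) < 8:
        return None
    off = 8                                  # skip interface handle, timeout, item count
    while off + 4 <= len(body):              # walk the Common Packet Format items
        item_type, item_len = struct.unpack_from("<HH", body, off)
        data, off = body[off + 4:off + 4 + item_len], off + 4 + item_len
        if item_type == UNCONNECTED_ITEM and len(data) == item_len >= 2:
            end = 2 + 2 * data[1]            # path size is counted in 16-bit words
            return (data[0], data[2:end], data[end:]) if end <= len(data) else None
    return None

def classify(whitelist, src, dst, port, payload, learning=False):
    """S105 when learning=True, S106-S107 otherwise. Returns a verdict string."""
    hdr = parse_enip(payload)
    cip = parse_cip(*hdr) if hdr else None
    if cip is None:
        return "no-cip" if hdr else "noncompliant"
    service, path, data = cip
    value = int.from_bytes(data, "little", signed=True)  # assumed parameter encoding
    key = (src, dst, port, "enip-cip", service, path)    # assumed whitelist key
    if learning:
        lo, hi = whitelist.get(key, (value, value))
        whitelist[key] = (min(lo, value), max(hi, value))
        return "learned"
    if key not in whitelist:
        return "unlisted"
    lo, hi = whitelist[key]
    return "ok" if lo <= value <= hi else "out-of-range"

def sample(service, value):
    """Constructed SendRRData request: class 0x04, instance 1, attribute 3, INT value."""
    cip = bytes([service, 3, 0x20, 0x04, 0x24, 0x01, 0x30, 0x03]) + struct.pack("<h", value)
    body = struct.pack("<IHHHHHH", 0, 0, 2, 0, 0, UNCONNECTED_ITEM, len(cip)) + cip
    return struct.pack("<HHII8sI", SEND_RR_DATA, len(body), 1, 0, b"", 0) + body
```

Call `classify` with `learning=True` on known-good traffic to build the whitelist, then without it on live traffic; any verdict other than `ok` or `no-cip` is a candidate alert.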

Description

Technical field

[0001] The invention relates to the field of industrial control, and in particular to an industrial abnormality monitoring method, device, computer equipment and readable storage medium.

Background technique

[0002] At present, with the development of the Internet and the falling difficulty and cost of network attacks, industrial control systems have become targets of today's cyber forces, hackers, and extremist forces, which also poses a huge threat to the security of our country. Therefore, it is necessary to take industrial control protection measures to ensure the safety of industrial control.

[0003] In industrial networks, a common attack method is to send non-compliant protocol fields, putting PLCs and other industrial control equipment into an abnormal working state and causing the factory to shut down or the equipment to be damaged. However, in the new industrial era, att...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1416, H04L63/0236, H04L63/0263, Y02P90/02
Inventors: 张大磊, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD