Cross-domain functional security anomaly detection tracing method based on non-embedded probe

Abstract

The invention provides a cross-domain function security anomaly detection tracing method based on a non-embedded probe, and the method comprises the following steps: 1, constructing a non-intrusive cross-domain monitoring probe of a network mirror image at core network equipment of a network collaborative manufacturing platform, and under the condition that the normal business operation of the collaborative platform is not affected, effectively collecting various types of abnormal data associated with function security; 2, establishing timely data information trace storage of data collected by each node based on a distributed consensus mechanism, establishing a multi-node distributed consensus alliance trust group in sequence, after verification is passed, enabling the nodes to use the consensus mechanism to add the security interaction information to a locally stored data set, and completing sharing of the security interaction information; and 3, performing real-time perspective monitoring association analysis and comparison analysis on multi-dimensional data of packets, streams, files, protocol metadata, network behaviors and file behaviors through a deep intelligent association analysis technology, and matching with an abnormal function security model.

Description

Technical field[0001]The present invention belongs to the domain inter-domain heterogeneous IT / OT network synergistic field of information security, which involves a cross-domain function safety abnormality detection traceability method based on non-embedded probes.Background technique[0002]Collaborative manufacturing is the modern manufacturing model of the 21st century. Collaborative manufacturing refers to the use of advanced network technology and information technology, transforming serial manufacturing processes into parallel manufacturing processes, achieving internal and cross-control chains, design, manufacturing, management, commerce, etc. The production model of cooperation is ultimately achieved by changing business models to achieve efficient use of resources. However, under the network synergy, the massive cross-domain equipment and system have a wide variety, the equipment connection is complex, and the collaborative network has great security hazards. Tiny function...

AI Technical Summary

Problems solved by technology

[0004] The invention solves the problem by overcoming the deficiencies of the existing technology, aiming at that in the process of network collaborative manufacturing, it is difficult to reuse and utilize a large number of special equipment / system abnormality monitoring tools customized in the traditional design and manufacturing fields, and accurately record the abnormal data generated by cross-domain entities In order to deal with problems such as complexity and difficulty in traceability, a cross-domain functional safety anomaly detection and traceability method based on non-embedded probes and distributed consensus is proposed. Under the premise of the normal business operation of the collaborative platform, effectively collect various abnormal data associated with functional safety; through the establishment of an alliance group based on a distributed consensus mechanism, collect the network data of each node in the IT information network layer, OT center control layer, and OT equipment layer. Store the data information in a timely manner; use the data that has been uploaded to the chain to perform multi-dimensional correlation data detection and analysis, realize the precise positioning of functional safety anomalies, and efficiently trace the source of functional safety anomalies in the collaborative network

Images