Flow security analysis modeling method and system

A traffic security analysis and modeling method and system in the field of industrial control network security. It addresses problems such as hidden safety hazards to production equipment and achieves the effect of improving impedance capability.

Active Publication Date: 2021-05-14
山东维平信息安全测评技术有限公司

AI Technical Summary

Problems solved by technology

In security detection for the industrial control industry, there are two common practices. One is to connect directly to the network equipment of the industrial control production system for intrusive detection and inspection, which brings great security risks to the operation of production equipment. The other is traffic analysis based on the statistical characteristics of the traffic to explain its periodicity; it does not go deep into the fields of the data packets, or the memory and cache models stored in those fields, to explore the security characteristics of industrial control traffic.


Examples

Embodiment 1

[0047] Embodiment 1 of the present invention proposes a traffic security analysis and modeling method. The invention adopts N-Tier layering. While network traffic is transmitted using industrial control protocols, non-intrusive mirroring of that traffic is realized by a network traffic mirroring bypass system.

[0048] Figure 1 shows a flowchart of the traffic security analysis and modeling method in Embodiment 1 of the present invention.

[0049] In step S101, the protocols are pooled and classified into shared protocol pools and private protocol pools.

[0050] In step S102, according to the different protocols, the traffic is imported into the protocol pool corresponding to the bypass traffic mirror and subjected to lossless compression. Multi-level cache containers are constructed with the network packet size as the threshold, and the cache containers of all levels are connected in series to form an array. Form a ...

Embodiment 2

[0068] Based on the traffic security analysis and modeling method proposed in Embodiment 1 of the present invention, Embodiment 2 proposes a traffic security analysis and modeling system. Figure 3 shows a schematic diagram of the traffic security analysis and modeling system in Embodiment 2 of the present invention. The system includes an industrial control network bypass module, a threat analysis module and a trusted root computing module;

[0069] The industrial control network bypass module is used to import traffic into the protocol pool corresponding to the bypass traffic mirror according to different protocols, compress the traffic in the protocol pool and put it into the cache; distribute the traffic for threat analysis;

[0070] The threat analysis module is used, after the traffic is unpacked, to analyze the content of the traffic packets and the frequency of the traffic packets to form a traffic threat model;

[0071] The root of trust...
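
The bypass module of [0069] and the threat analysis module of [0070], sketched as an added example that is not taken from the patent. The port-to-pool mapping, the size thresholds, the per-second rate limit and the sample packets are assumptions; the content check flags Modbus function code 0x08 (diagnostics), the command the Background section singles out.

```python
import struct
import zlib
from collections import Counter, defaultdict

SHARED_PORTS = {502: "modbus-tcp"}   # assumption: pool membership keyed by TCP port
SIZE_TIERS = (64, 256, 1500)         # assumption: packet-size thresholds per cache level

def mbap(tid, unit, pdu):
    """Build a Modbus/TCP frame (MBAP header + PDU) for the constructed sample."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def pool_for(dst_port):
    name = SHARED_PORTS.get(dst_port)
    return ("shared", name) if name else ("private", f"port-{dst_port}")

def tier_for(size):
    """Index of the first cache level whose threshold fits the packet."""
    return next((i for i, cap in enumerate(SIZE_TIERS) if size <= cap), len(SIZE_TIERS))

def ingest(packets):
    """Bypass module: route mirrored packets to a pool, compress, cache by size tier."""
    cache = defaultdict(list)
    for ts, src, dst_port, payload in packets:
        key = (pool_for(dst_port), tier_for(len(payload)))
        cache[key].append((ts, src, zlib.compress(payload)))
    return cache

def analyse(cache, max_per_second=5):
    """Threat analysis: unpack, then check packet content and packet frequency."""
    alerts, rate = [], Counter()
    for (pool, _tier), entries in cache.items():
        for ts, src, blob in entries:
            payload = zlib.decompress(blob)
            rate[(src, int(ts))] += 1
            # Content: the Modbus function code follows the 7-byte MBAP header.
            if pool == ("shared", "modbus-tcp") and len(payload) > 7 and payload[7] == 0x08:
                alerts.append(("content", src, "Modbus diagnostics request (0x08)"))
    for (src, second), count in sorted(rate.items()):
        if count > max_per_second:
            alerts.append(("frequency", src, f"{count} packets in second {second}"))
    return alerts

# Constructed sample of mirrored traffic: (timestamp, source, dst port, payload).
SAMPLE = [(100 + i / 10, "10.0.0.5", 502, mbap(i, 1, bytes.fromhex("030000000a")))
          for i in range(8)]
SAMPLE.append((101.2, "10.0.0.9", 502, mbap(99, 1, bytes.fromhex("0800040000"))))
SAMPLE.append((102.0, "10.0.0.7", 9999, bytes(300)))

ALERTS = analyse(ingest(SAMPLE))
print(*ALERTS, sep="\n")
```

Because the input is a passive mirror, nothing here sends traffic back to the control network; the two alert kinds correspond to the content and frequency halves of the threat model.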


Abstract

The invention provides a traffic security analysis and modeling method and system. The method comprises: importing traffic into the protocol pool corresponding to the bypass traffic mirror according to the different protocols, compressing the traffic in the protocol pool, and putting the compressed traffic into a cache; distributing the traffic for threat analysis, in which, after the traffic is unpacked, the packet content and the packet frequency are analyzed separately to form a traffic threat model; and transmitting the traffic threat model through a trusted computing component using encryption and decryption, extracting feature information of abnormal traffic, and performing model calculation on the feature information of current and future abnormal traffic using machine learning and an immunization method to form a traffic security model. Based on the method, the invention also provides a traffic security analysis and modeling system. Layering is carried out in N-Tier mode, and non-intrusive mirroring of network traffic is realized by a network traffic mirroring bypass system during the transmission of network traffic that uses industrial control protocols.

Description

Technical field

[0001] The invention belongs to the technical field of industrial control network security, and in particular relates to a traffic security analysis and modeling method and system.

Background technique

[0002] During the operation of an industrial control production system, the firmware of the various types of equipment communicates through inherent protocols. Common industrial control protocols generally contain a large number of command words, such as those for reading and writing data. Industrial control protocols are command-oriented, function-oriented, and based on polling and response. Attackers only need to master the protocol construction method and gain access to the industrial control network to tamper with any data of the target device through the protocol. However, the custom functions agreed by advanced protocols often bring more threats to user safety. For example, the slave diagnosis command of the Modbus protocol will cause the slave device to switch t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06N3/00, G06N20/00
CPC: H04L63/1416, H04L63/1425, H04L69/18, G06N3/006, G06N20/00
Inventor: 尚金龙, 卢黎芳, 马福艳, 刘伟
Owner: 山东维平信息安全测评技术有限公司