A traffic security analysis modeling method and system

A traffic security analysis and modeling technology, applied in the field of traffic security analysis modeling methods and systems, that can solve problems such as hidden safety hazards to production equipment and achieves the effect of improving impedance capability.

Active Publication Date: 2022-04-08
山东维平信息安全测评技术有限公司

AI Technical Summary

Problems solved by technology

In security detection for the industrial control industry, there are two common practices. One is to connect directly to the network equipment of the industrial control production system for intrusive detection and examination, which brings great security risks to the operation of production equipment. The other is traffic analysis based on the statistical characteristics of the traffic to explain its periodicity; it does not go deep into the fields of the data packets, or into the memory and cache models stored in those fields, to explore the security characteristics of industrial control traffic.


Examples


Embodiment 1

[0047] Embodiment 1 of the present invention proposes a traffic security analysis and modeling method. The invention adopts N-Tier layering. During network traffic transmission using the industrial control protocol, non-intrusive mirroring of the network traffic is realized based on the network traffic mirroring bypass system.

[0048] Figure 1 shows a flowchart of the traffic security analysis and modeling method in Embodiment 1 of the present invention.

[0049] In step S101, the protocols are pooled and classified into shared protocol pools and private protocol pools.

[0050] In step S102, the traffic is imported, according to its protocol, into the protocol pool corresponding to the bypass traffic mirror and is subjected to lossless compression; a multi-level cache container is constructed with the network packet size as the threshold, and the cache containers of all levels are connected in series to form an array. Form a ...

Embodiment 2

[0068] Based on the traffic security analysis and modeling method proposed in Embodiment 1 of the present invention, Embodiment 2 of the present invention proposes a traffic security analysis and modeling system. Figure 3 shows a schematic diagram of the traffic security analysis and modeling system in Embodiment 2 of the present invention. The system includes an industrial control network bypass module, a threat analysis module and a trusted root computing module;

[0069] The industrial control network bypass module is used to import traffic, according to its protocol, into the protocol pool corresponding to the bypass traffic mirror, to compress the traffic in the protocol pool and put it into the cache, and to distribute the traffic for threat analysis;

[0070] The threat analysis module is used, after the traffic is unpacked, to analyze the content and the frequency of the traffic packets and form a traffic threat model;

[0071] The root of trust...
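The content-and-frequency analysis described for the threat analysis module, sketched as an added example (not code from the patent): it parses mirrored Modbus/TCP frames field by field, flags diagnostic requests and malformed frames by content, and flags bursts of write commands per unit by frequency. The function-code grouping, the 10-second window, the threshold of three writes and the sample frames are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

READS = {0x01, 0x02, 0x03, 0x04}    # read coils / inputs / registers
WRITES = {0x05, 0x06, 0x0F, 0x10}   # write single / multiple coils and registers
DIAGNOSTICS = 0x08                  # Modbus diagnostics function code

def parse_adu(frame):
    """Return (unit_id, function_code, data), or None for a malformed frame."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # MBAP header: protocol id is 0; length counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    return unit, frame[7], frame[8:]

def analyze(frames, window_s=10.0, max_writes=3):
    """frames: (timestamp, raw bytes) pairs in time order -> list of findings."""
    findings, recent = [], defaultdict(deque)
    for ts, raw in frames:
        parsed = parse_adu(raw)
        if parsed is None:
            findings.append((ts, None, "malformed"))
            continue
        unit, fc, _data = parsed
        if fc == DIAGNOSTICS:                  # content check
            findings.append((ts, unit, "diagnostic"))
        elif fc in WRITES:                     # frequency check, per unit
            q = recent[unit]
            q.append(ts)
            while ts - q[0] > window_s:        # drop writes outside the window
                q.popleft()
            if len(q) > max_writes:
                findings.append((ts, unit, "write-burst"))
        elif fc not in READS:
            findings.append((ts, unit, "unknown-function"))
    return findings

def adu(tid, unit, fc, data=b""):  # builds frames for the constructed sample only
    return struct.pack(">HHHBB", tid, 0, 2 + len(data), unit, fc) + data

# Constructed sample: a polling read, four writes, a diagnostic, a bad length.
SAMPLE = ([(0.0, adu(1, 1, 0x03, b"\x00\x00\x00\x02"))]
          + [(1.0 + i, adu(2 + i, 1, 0x06, b"\x00\x10\x00\x01")) for i in range(4)]
          + [(6.0, adu(9, 2, 0x08, b"\x00\x00\x12\x34")), (7.0, adu(10, 1, 0x03) + b"\xff")])

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

Because the parser works on a mirrored copy of the traffic, it never sends anything to the control network; the findings list is the input a threat model would be built from.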


Abstract

The present invention provides a traffic security analysis and modeling method and system. The method includes: importing traffic, according to its protocol, into the protocol pool corresponding to a bypass traffic mirror; compressing the traffic in the protocol pool and putting it into a cache; and distributing the traffic for threat analysis. The threat analysis includes, after unpacking the traffic, analyzing the content and frequency of the traffic packets to form a traffic threat model. The trusted computing component encrypts and decrypts the traffic threat model. The method realizes traffic transmission and at the same time extracts the characteristic information of abnormal traffic, adopting machine learning and immunity methods to model current and future abnormal traffic characteristic information and form a traffic security model. Based on this method, a traffic security analysis and modeling system is also proposed. The present invention adopts the N-Tier method for layering and, in the network traffic transmission process using the industrial control protocol, realizes non-invasive mirroring of the network traffic based on the network traffic mirror bypass system.

Description

Technical field

[0001] The invention belongs to the technical field of industrial control network security, and in particular relates to a traffic security analysis modeling method and system.

Background technique

[0002] During the operation of an industrial control production system, the firmware of various types of equipment communicates through inherent protocols. Common industrial control protocols generally contain a large number of command words, such as those for reading and writing data. Industrial control protocols are characteristically command-oriented, function-oriented, and polling-response. Attackers only need to master the protocol construction method and gain access to the industrial control network to tamper with any data of the target device through the protocol. Moreover, the custom functions defined by advanced protocols often bring more threats to user safety. For example, the slave diagnosis command of the Modbus protocol will cause the slave device to switch t...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L69/18, G06N3/00, G06N20/00
CPC: H04L63/1416, H04L63/1425, H04L69/18, G06N3/006, G06N20/00
Inventor: 尚金龙, 卢黎芳, 马福艳, 刘伟
Owner: 山东维平信息安全测评技术有限公司