Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Industrial network endogenous security boundary protection method, device and architecture

A security boundary, industrial network technology, applied in electrical components, transmission systems, etc., can solve problems such as difficult to detect in time, illegal internal network transmission, and lack of comparison of single deployment, achieve good application prospects, improve the correctness of filtering and review, The effect of mitigating the threat of uncertainty

Pending Publication Date: 2021-08-20
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF7 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Due to the inherent static nature of conventional architecture and configuration methods, the current border protection technology mainly focuses on strengthening static confrontation capabilities. The main deficiency of industrial network border protection equipment is that defense attacks rely on accurate prior knowledge, and the long-term determinism after deployment In this state, the attacker can repeatedly try to attack. Once a flaw is found (such as a flaw in the filtering review logic that makes the pseudo-legal malicious payload packet escape inspection), it can be used effectively in the future; the main threat is that it may be implanted based on a specific payload. Vulnerabilities / backdoors, such as transmitting industrial control information to the outside or transmitting illegal control instructions to the internal network, etc.
However, the static nature of industrial network border protection equipment causes such vulnerabilities / backdoors to be effectively triggered for a long time, and the singleness of deployment causes a lack of comparison, making it difficult to detect in time. The similarity causes the breakthrough of one line of defense to be equivalent to the breakthrough of the entire line

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Industrial network endogenous security boundary protection method, device and architecture
  • Industrial network endogenous security boundary protection method, device and architecture
  • Industrial network endogenous security boundary protection method, device and architecture

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0032] An embodiment of the present invention provides a method for protecting an endogenous security boundary of an industrial network, see figure 1 As shown, it contains the following content:

[0033] S101. Collect production management network data traffic through network card monitoring, cache and distribute the data traffic to several heterogeneous filtering and review execution bodies;

[0034] S102. Use the filtering and reviewing executive body to filter and review the address, protocol, industrial control protocol and control parameters in the data flow, and output the review result;

[0035] S103. Perform a mimicry ruling on the review results output by several heterogeneous filtering and reviewing executi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an industrial network endogenous security boundary protection method, device and system, and the method comprises the steps: monitoring and collecting production management network data traffic through a network card, caching the data traffic, and distributing the data traffic to a plurality of heterogeneous filtering review executors; filtering and reviewing the address, the protocol, the industrial control protocol and the control parameter in the data flow by using a filtering and reviewing executor, and outputting a reviewing result; performing mimicry judgment on the review results output by the plurality of heterogeneous filtering review executors, and determining whether to forward the data traffic to the field control network based on the mimicry judgment results and discriminating the abnormal executors to dynamically schedule the executors for filtering and reviewing the data traffic to be online and offline. Aiming at security threats faced by the industrial network boundary protection equipment, a mimicry defense technology is combined, a filtering review function is stripped out, and the uncertainty threats caused by unknown vulnerabilities or backdoors of the industrial network boundary protection equipment are relieved through heterogeneous and redundancy filtering review execution bodies.

Description

technical field [0001] The invention belongs to the technical field of industrial network border protection, and in particular relates to a method, equipment and system for endogenous safety border protection of industrial networks. Background technique [0002] Industrial control systems generally adopt border protection methods to protect themselves. Under the development trend of digitization, intelligence, and networking, border protection devices such as gateways and firewalls are directly exposed to the connection border. Industrial network boundary protection is an important line of defense to protect industrial control systems. It provides access control and traffic filtering for connections in various areas within the industrial control network, and realizes the isolation and information exchange of networks with different security levels. However, due to the unavoidable loopholes in the development process, and the backdoors reserved for strategic purposes are usua...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0236H04L63/0209
Inventor 余飞魏强耿洋洋王允超
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com