Method for real-time industrial control passive identification of Rockwell equipment

A passive identification technology for Rockwell equipment, applied in the field of real-time industrial control. It addresses the problems that active identification affects main network communication and may cause attacks on the main network, and that there is no targeted, accurate identification method for Rockwell equipment.

Active Publication Date: 2021-11-19
CHINA PETROLEUM & CHEM CORP +1

AI Technical Summary

Problems solved by technology

[0002] Industrial control equipment identification is divided into active identification and passive identification. Active identification has the following problems. First, active identification requires active probing to obtain device information, and if it is not known how to assemble the probe packet, the device cannot be identified. Second, active identification requires access to the main network; sending probe packets affects main network communication and may cause attacks on the main network, and where a main network is protected by firewalls, active identification cannot be performed. Third, active identification cannot tell which device is operating and which is being operated; it only detects devices that match the active identification strategy, so its application is limited. For example, Chinese patent CN 106487879A describes a network equipment identification method and device based on a device fingerprint database. Its identification method is active: it can only send messages for active probing, it cannot detect a device once that device's firewall is turned on, and its regular expressions cannot accurately parse the application protocols of industrial control equipment.
[0003] In addition, current passive identification devices generally analyze only up to the transport layer, and what they identify is limited to the operating system, manufacturer, and port service, an...


Examples


Embodiment 1

[0064] A method for real-time industrial control passive identification of Rockwell equipment, as shown in Figure 1, including the following steps:

[0065] (1) Preset the Rockwell fingerprint library;

[0066] (2) Preliminary analysis of messages: collect traffic data in the network environment, parse the datagrams, and extract the source IP, source port, destination IP, destination port, and ENIP and CIP protocol information; if this information cannot be extracted, the message contains no valid information, so filter it out and do not process it further;

[0067] (3) Backup of basic equipment information: parse the ENIP and CIP protocols, and determine whether the device is a Rockwell device by examining the OUI, the first three bytes of the device's MAC address:

[0068] If so, store the source IP and destination IP as asset IPs in the device cache, and preliminarily judge that the asset belongs to Rockwell PLC and Rockwell operator station according to th...

Embodiment 2

[0074] The method for real-time industrial control passive identification of Rockwell equipment of Embodiment 1 is adopted, wherein the specific process of step (1), presetting the Rockwell fingerprint library, is:

[0075] Extract key information from all Rockwell devices in the public network, encode the types and series of these devices, set rules for matching message application layer information, and form a fingerprint library.

Embodiment 3

[0077] The method for real-time industrial control passive identification of Rockwell equipment of Embodiment 1 is adopted, wherein the specific process of step (1), presetting the Rockwell fingerprint library, is:

[0078] Extract key information from all Rockwell devices in the public network, encode the types and series of these devices, set rules for matching message application layer information, and form a fingerprint library;

[0079] The specific operation steps of step (3) are:

[0080] Perform a preliminary analysis of the first two bytes of the ENIP application layer. If these two bytes are a Rockwell command and the source or destination port in the message is 44818, the message is traffic generated by the operation of a Rockwell device; the IP corresponding to port 44818 in the message is the Rockwell PLC, and the other IP is tentatively designated as the Rockwell operator station; if the operation flow is recognized at the same time, it means ...
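
Steps (2) and (3) as described in Embodiments 1 and 3, as an added Python example that is not code from the patent: it filters frames without usable fields, checks the first two ENIP bytes and port 44818, assigns the PLC and operator-station roles, and checks the OUI of the PLC-side MAC address. The command table, the OUI entries, the function names and the sample frame are assumptions constructed for illustration.

```python
import ipaddress
import struct

ENIP_PORT = 44818
# Assumption: standard EtherNet/IP encapsulation commands stand in for the
# "Rockwell commands" that the patent's fingerprint library would define.
ENIP_COMMANDS = {0x0004: "ListServices", 0x0063: "ListIdentity",
                 0x0065: "RegisterSession", 0x0066: "UnRegisterSession",
                 0x006F: "SendRRData", 0x0070: "SendUnitData"}
# Assumption: sample OUI entries; a deployment would load the IEEE registry.
ROCKWELL_OUIS = {bytes.fromhex("0000bc"), bytes.fromhex("001d9c")}

def classify_frame(frame: bytes):
    """Return asset roles for one Ethernet frame, or None to filter it."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                  # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                                  # not TCP over IPv4
    ip = ip[:struct.unpack("!H", ip[2:4])[0]]        # drop Ethernet padding
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    if ENIP_PORT not in (sport, dport) or len(payload) < 24:
        return None                                  # no full ENIP header
    command = struct.unpack("<H", payload[:2])[0]    # first two bytes, LE
    if command not in ENIP_COMMANDS:
        return None
    src_ip, dst_ip = (str(ipaddress.IPv4Address(ip[o:o + 4])) for o in (12, 16))
    to_plc = dport == ENIP_PORT                      # port 44818 side is the PLC
    plc_mac = frame[0:6] if to_plc else frame[6:12]
    return {"plc_ip": dst_ip if to_plc else src_ip,
            "station_ip": src_ip if to_plc else dst_ip,
            "command": ENIP_COMMANDS[command],
            "rockwell_oui": plc_mac[:3] in ROCKWELL_OUIS}

def sample_frame(sport=50000, dport=ENIP_PORT, command=0x0065):
    """Constructed RegisterSession request: station 10.0.0.5 -> PLC 10.0.0.10."""
    enip = struct.pack("<HHII8sI", command, 4, 0, 0, b"\0" * 8, 0) + struct.pack("<HH", 1, 0)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + enip
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 10])) + tcp
    return bytes.fromhex("0000bc112233") + bytes.fromhex("020000aabbcc") + b"\x08\x00" + ip
```

On a routed capture point the MAC address seen is that of the last-hop router, so the OUI result is only meaningful when the sensor sits on the same layer-2 segment as the device.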


Abstract

The invention discloses a method for real-time industrial control passive identification of Rockwell equipment, and relates to the technical field of asset equipment identification. The method comprises the following steps: presetting a Rockwell fingerprint database; preliminarily analyzing the message; backing up basic equipment information; deeply analyzing the message; continuously identifying engineer stations; and comparing against the fingerprint database to obtain equipment information. In this method, the fingerprint database holds the unique characteristics of Rockwell industrial control equipment, such as brands, series, matching strings and separators, so that besides the operating system, manufacturer and port services, the model, sequence codes and PLC version information of the equipment can also be identified. Through passive identification, the application-layer messages of the Rockwell communication protocol are analyzed, and each message is parsed according to its function code so as to obtain correct equipment information.

Description

Technical field

[0001] The invention relates to the technical field of asset equipment identification, in particular to a method for real-time industrial control passive identification of Rockwell equipment.

Background technique

[0002] Industrial control equipment identification is divided into active identification and passive identification. Active identification has the following problems. First, active identification requires active probing to obtain device information, and if it is not known how to assemble the probe packet, the device cannot be identified. Second, active identification requires access to the main network; sending probe packets affects main network communication and may cause attacks on the main network, and where a main network is protected by firewalls, active identification cannot be performed. Third, active identification cannot tell which device is operating and which is being operated, only detec...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0876, H04L63/1425, Y02P90/02
Inventor: 赵文亮, 王娟, 于洋, 沙宗奇, 王成香, 丰晓红, 檀世琛
Owner CHINA PETROLEUM & CHEM CORP