Industrial control communication encryption system and method based on load balancing

Abstract

The invention discloses an industrial control communication encryption system and method based on load balancing, and the system comprises a configuration information collection module, a data processing center, an attack misjudgment prevention module, a related equipment positioning module, a transmission direction analysis module, and an encryption balance scheduling module. A configuration information acquisition module counts a current existing encryption mode and encryption strength grade data thereof, acquires initialization data refreshing time set when a load balancing server is added, and marks a normal change interval in which traffic is increased due to load balancing in an encryption process through an attack misjudgment prevention module. The encryption balance scheduling module compares and predicts whether the currently-adopted server is a common load balance server or a reverse proxy server according to the data transmission direction, and allocates a proper encryption mode according to the correspondingly-adopted server type and the encryption strength level, thereby avoiding the misjudgment of a communication attack phenomenon. And the data communication security is balanced while the load balancing is ensured.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a load balancing-based industrial control communication encryption system and method. Background technique [0002] Load balancing refers to assigning tasks to multiple operating units for execution, and multiple servers interact to complete work tasks, which can effectively expand the bandwidth of devices and servers, increase throughput, and thereby improve network data processing capabilities. In the process of industrial control communication, although a load balancing server is added, in order to ensure the security of communication between devices, the communication process needs to be encrypted. However, with the development of network technology, communication encryption methods and algorithms are becoming more and more diverse. Simply selecting the appropriate encryption method based on the communication process and protocol makes the security index of each data c...

AI Technical Summary

Problems solved by technology

[0002] Load balancing refers to assigning tasks to multiple operating units for execution, and multiple servers interact to complete work tasks, which can effectively expand the bandwidth of devices and servers, increase throughput, and thereby improve network data processing capabilities. In the process of industrial control communication, although a load balancing server is added, in order to ensure the security of communication between devices, the communication process needs to be encrypted. However, with the development of network technology, communication encryption methods and algorithms are becoming more and more diverse. Simply selecting the appropriate encryption method based on the communication process and protocol makes the security index of each data communication different, the anti-attack capability cannot be balanced, and the cost of communication encryption is increased. Due to the addition of different types of load balancing servers, some load After the balance server (such as: reverse proxy server) is added, the security of data communication has been improved to a certain extent. After joining the direction proxy server, there is no need for an encryption method that is too strong, depending on the strength level of the encryption method and the load used. The distribution of appropriate encryption methods for the balance server type is beneficial to balance the security of data communication while ensuring load balance; secondly, when adding a load balance server, due to the need for timely interaction between servers, it is necessary to ensure that data is updated in time, so that The address can be randomly assigned, and a small data refresh time needs to be set, which will greatly increase the traffic, appearing as if the communication is under attack, and may cause misjudgment. Marking the normal change range of the traffic during encryption can avoid misjudgment

Images