A load balancing-based industrial control communication encryption system and method

Abstract

The invention discloses an industrial control communication encryption system and method based on load balancing, comprising: a configuration information collection module, a data processing center, an attack prevention misjudgment module, a related equipment positioning module, a transmission direction analysis module and an encryption balance scheduling module, By configuring the information collection module to count the existing encryption methods and their encryption strength level data, collect the initialization data refresh time set when joining the load balancing server, and use the attack anti-misjudgment module to mark the increase in traffic due to load balancing during the encryption process According to the normal change range of the normal change range, the encryption balance scheduling module predicts that the currently used server is a common load balance server or a reverse proxy server based on the comparison of the data transmission direction, and allocates an appropriate encryption method according to the corresponding server type and encryption strength level, avoiding Misjudgment of communication attack phenomenon ensures load balance and data communication security is also balanced.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a load balancing-based industrial control communication encryption system and method. Background technique [0002] Load balancing refers to assigning tasks to multiple operating units for execution, and multiple servers interact to complete work tasks, which can effectively expand the bandwidth of devices and servers, increase throughput, and thereby improve network data processing capabilities. In the process of industrial control communication, although a load balancing server is added, in order to ensure the security of communication between devices, the communication process needs to be encrypted. However, with the development of network technology, communication encryption methods and algorithms are becoming more and more diverse. Simply selecting the appropriate encryption method based on the communication process and protocol makes the security index of each data c...

AI Technical Summary

Problems solved by technology

[0002] Load balancing refers to assigning tasks to multiple operating units for execution, and multiple servers interact to complete work tasks, which can effectively expand the bandwidth of devices and servers, increase throughput, and thereby improve network data processing capabilities. In the process of industrial control communication, although a load balancing server is added, in order to ensure the security of communication between devices, the communication process needs to be encrypted. However, with the development of network technology, communication encryption methods and algorithms are becoming more and more diverse. Simply selecting the appropriate encryption method based on the communication process and protocol makes the security index of each data communication different, the anti-attack capability cannot be balanced, and the cost of communication encryption is increased. Due to the addition of different types of load balancing servers, some load After the balance server (such as: reverse proxy server) is added, the security of data communication has been improved to a certain extent. After joining the direction proxy server, there is no need for an encryption method that is too strong, depending on the strength level of the encryption method and the load used. The distribution of appropriate encryption methods for the balance server type is beneficial to balance the security of data communication while ensuring load balance; secondly, when adding a load balance server, due to the need for timely interaction between servers, it is necessary to ensure that data is updated in time, so that The address can be randomly assigned, and a small data refresh time needs to be set, which will greatly increase the traffic, appearing as if the communication is under attack, and may cause misjudgment. Marking the normal change range of the traffic during encryption can avoid misjudgment

Images