Method and system for analyzing cyber threats on basis of physical network diagram of ship

The method and system for analyzing cyber threats in ship networks by synthesizing physical and logical diagrams address inaccuracies in manual analysis, providing objective and easy identification of non-identified systems and paths.

WO2026135296A1 · PCT designated stage · Publication Date: 2026-06-25 · HANWHA OCEAN CO LTD (KR) +1

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
HANWHA OCEAN CO LTD (KR)
Filing Date
2025-12-18
Publication Date
2026-06-25


Abstract

The present invention relates to a method and a system for analyzing cyber threats on the basis of a physical network diagram of a ship, wherein cyber threats can be analyzed on the basis of a network diagram and, by generating information by synthesizing physical and logical network diagrams and analyzing the difference therebetween, risk assessment based on the physical and logical network diagrams can be achieved.

Description

Method and System for Analyzing Cyber Threats Based on Ship Physical Network Diagrams

[0001] The present invention relates to a method and system for analyzing cyber threats based on a ship physical network diagram.

[0002] In the past, when analyzing cyber threats to ship networks, cyber risk analysis was performed manually by humans.

[0003] Therefore, there were problems with accuracy and objectivity when humans manually analyzed cyber risks, as it included individual subjectivity.

[0004] A related prior art is Korean registered patent 10-2578059 (September 13, 2023).

[0005] The objective of the present invention is to provide a method and system for analyzing cyber threats based on a ship's physical network diagram, which enables cyber threat analysis based on a network diagram, generates information by synthesizing physical and logical network diagrams, and enables risk assessment based on physical and logical diagrams.

[0006] A method for analyzing cyber threats based on a ship physical network diagram according to one aspect of the present invention for achieving the above technical problem may include: an import step of loading ship drawing data from an import unit into a cyber threat analysis terminal; a diagram configuration step of configuring a physical network diagram in a diagram unit based on the imported data; a mapping step of mapping a physical network diagram and a logical network diagram configured through the diagram configuration step in a mapping unit; an analysis step of analyzing the difference between the physical network diagram and the logical network diagram mapped through the mapping step in an analysis unit; and a cyber risk assessment step of performing a cyber risk assessment based on the physical network diagram and the logical network diagram in a cyber risk assessment unit through the analysis step.

[0007] In addition, in a method for analyzing cyber threats based on a ship physical network diagram according to one aspect of the present invention, the mapping step may include: an operation step of operating a packet generator at nodes at the start and end of a physical network; a comparison step of comparing the destination path of a packet generated through the operation step with a physical network diagram; a logical network diagram configuration step of configuring a logical network diagram based on data compared through the comparison step; and an information generation step of synthesizing the logical network diagram configured through the logical network diagram configuration step with the physical network diagram to generate information.

[0008] In addition, in the cyber threat analysis method based on a ship physical network diagram according to one aspect of the present invention, in the cyber risk assessment step, a non-identified CBS or non-identified path, when discovered, may be indicated by a dotted line so as to be distinguished from the normal network.

[0009] In addition, a cyber threat analysis system based on a ship physical network diagram according to another aspect of the present invention may include: an import unit that loads ship drawing data into a cyber threat analysis terminal; a diagram unit that constructs a physical network diagram based on the data imported from the import unit; a mapping unit that maps the physical network diagram constructed in the diagram unit to a logical network diagram; an analysis unit that analyzes the difference between the physical network diagram and the logical network diagram mapped through the mapping unit; and a cyber risk assessment unit that performs a cyber risk assessment based on the physical network diagram and the logical network diagram through the analysis unit.

[0010] In addition, in a cyber threat analysis system based on a ship physical network diagram according to another aspect of the present invention, the mapping unit may operate a packet generator at the nodes at the start and end of the physical network, compare the destination path of the generated packet with the physical network diagram, construct a logical network diagram based on the compared data, and generate information by synthesizing the constructed logical network diagram and the physical network diagram.

[0011] In addition, according to another aspect of the present invention, the cyber threat analysis system based on a ship physical network diagram may have the cyber risk assessment unit indicate non-identified CBS and non-identified paths with a dotted line when discovered, so as to distinguish them from the normal network.

[0012] According to the present invention, cyber threat analysis based on network diagrams is possible, and by synthesizing physical and logical network diagrams to generate information and analyzing the differences, risk assessment based on physical and logical diagrams is possible in a form that the user can easily identify.

[0013] FIG. 1 is a flowchart illustrating a method for analyzing cyber threats based on a ship physical network diagram according to one embodiment of the present invention.

[0014] FIG. 2 is a diagram showing the configuration of a cyber threat analysis system based on a ship physical network diagram according to one embodiment of the present invention.

[0015] FIG. 3 is a diagram showing a ship network diagram according to one embodiment of the present invention.

[0016] Detailed information regarding the purpose, technical configuration, and the resulting operation and effects of the present invention will be more clearly understood through the detailed description based on the drawings attached to the specification of the present invention.

[0017] The terms used in this specification are used merely to describe specific embodiments and are not intended to limit the invention. For example, terms such as "composed of" or "comprising" used in this specification should not be interpreted as necessarily including all of the various components or steps described in the invention, but should be interpreted as possibly not including some of the components or steps, or as potentially including additional components or steps. Furthermore, singular expressions used in this specification include plural expressions unless the context clearly indicates otherwise.

[0018] The present invention will be described in detail below by explaining preferred embodiments with reference to the attached drawings. The embodiments described below are provided to enable those skilled in the art to easily understand the technical concept of the present invention, and should not be interpreted as limiting the present invention; it is obvious to those skilled in the art that the embodiments of the present invention can have various applications.

[0019] With reference to FIGS. 1 to 3, we will examine the method and system for analyzing cyber threats based on a ship physical network diagram according to the present invention.

[0020] First, as illustrated in FIG. 1, the method for analyzing cyber threats based on a physical network diagram of a ship according to the present invention may include an import step (S101) of importing ship drawing data from an import unit to a cyber threat analysis terminal, a diagram configuration step (S102) of configuring a physical network diagram in a diagram unit based on the imported data, a mapping step (S103) of mapping the physical network diagram and the logical network diagram configured through the diagram configuration step (S102) in a mapping unit, an analysis step (S108) of analyzing the difference between the physical network diagram and the logical network diagram mapped through the mapping step (S103) in an analysis unit, and a cyber risk assessment step (S109) of performing a cyber risk assessment based on the physical network diagram and the logical network diagram through the analysis step in a cyber risk assessment unit.

[0021] The import step (S101) imports drawing data including the ship's cables and power, etc., into a terminal of the ship physical network diagram-based cyber threat analysis system, and the diagram configuration step (S102) configures a physical network diagram based on the data imported in the import step (S101).

[0022] The mapping step (S103) maps a physical network diagram and a logical network diagram and may include an operation step (S104) of operating a packet generator at the nodes at the start and end of the physical network, a comparison step (S105) of comparing the destination path of the packet generated through the operation step (S104) with the physical network diagram, a logical network diagram configuration step (S106) of configuring a logical network diagram based on the data compared through the comparison step (S105), and an information generation step (S107) of synthesizing the logical network diagram configured through the logical network diagram configuration step (S106) with the physical network diagram to generate information.

[0023] In addition, the analysis step (S108) can identify non-identified Computer Based Systems (CBS) and non-identified paths by analyzing the differences between the physical network diagram and the logical network diagram.

[0024] In addition, the cyber risk assessment step (S109) may display the CBS and path with a dotted line when a non-identified CBS or non-identified path is discovered, so that they are distinguished from the normal network.

[0025] In addition, the cyber risk assessment step (S109) can display the CBS and path in a different color from the identified CBS and path when non-identified CBS and non-identified path are discovered so that they can be easily distinguished (e.g., identified CBS and path in green, non-identified CBS and path in red).
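The comparison in steps S105 to S109 reduces to a set difference between two graphs. The sketch below is an added example, not code from the patent: it assumes each test packet's path is available as a list of hops, and the node names (ECDIS, CREW_AP and so on) and links are constructed sample data.

```python
# Added illustration, not code from the patent. Node names, links and hop
# lists are constructed sample data; how hops are recorded is an assumption.

def link(a, b):
    """An undirected connection between two CBS nodes."""
    return frozenset((a, b))

PHYSICAL_NODES = {"ECDIS", "BRIDGE_SW", "ENGINE_SW", "AMS", "VDR"}
PHYSICAL_LINKS = {link("ECDIS", "BRIDGE_SW"), link("BRIDGE_SW", "ENGINE_SW"),
                  link("ENGINE_SW", "AMS"), link("BRIDGE_SW", "VDR")}
# Hop lists seen for test packets sent between start and end nodes (S104).
OBSERVED_PATHS = [
    ["ECDIS", "BRIDGE_SW", "ENGINE_SW", "AMS"],   # matches the drawings
    ["VDR", "BRIDGE_SW", "CREW_AP", "AMS"],       # passes an undocumented node
    ["ECDIS", "AMS"],                             # undocumented direct link
]

def build_logical(paths):
    """S106: the logical diagram is every node and link seen on a path."""
    nodes, links = set(), set()
    for path in paths:
        nodes.update(path)
        links |= {link(a, b) for a, b in zip(path, path[1:]) if a != b}
    return nodes, links

def as_pairs(links):
    """Stable, printable form of a set of links."""
    return sorted(tuple(sorted(l)) for l in links)

def analyze(phys_nodes, phys_links, paths):
    """S105/S108: what the traffic shows that the drawings do not."""
    nodes, links = build_logical(paths)
    return {"non_identified_cbs": sorted(nodes - phys_nodes),
            "non_identified_paths": as_pairs(links - phys_links)}

def to_dot(phys_nodes, phys_links, paths):
    """S107/S109: merged diagram as Graphviz DOT, findings dotted and red."""
    nodes, links = build_logical(paths)
    mark = lambda known: "color=green" if known else "color=red, style=dotted"
    out = ["graph ship_network {"]
    for n in sorted(phys_nodes | nodes):
        out.append(f'  "{n}" [{mark(n in phys_nodes)}];')
    for a, b in as_pairs(phys_links | links):
        out.append(f'  "{a}" -- "{b}" [{mark(link(a, b) in phys_links)}];')
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(analyze(PHYSICAL_NODES, PHYSICAL_LINKS, OBSERVED_PATHS))
    print(to_dot(PHYSICAL_NODES, PHYSICAL_LINKS, OBSERVED_PATHS))
```

The DOT text can be rendered with Graphviz to obtain the synthesized diagram, with identified elements in green and non-identified ones dotted and red.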

[0026] Additionally, a cyber threat analysis system based on a physical network diagram of a ship according to another aspect of the present invention may include, with reference to FIG. 2, an import unit (110) that loads ship drawing data into a cyber threat analysis terminal, a diagram unit (120) that configures a physical network diagram based on the data imported from the import unit (110), a mapping unit (130) that maps the physical network diagram configured in the diagram unit to a logical network diagram, an analysis unit (140) that analyzes the difference between the physical network diagram and the logical network diagram mapped through the mapping unit (130), and a cyber risk assessment unit (150) that performs a cyber risk assessment based on the physical network diagram and the logical network diagram through the analysis unit (140).

[0027] Additionally, the mapping unit (130) can operate a packet generator (131) at the nodes at the start and end of the physical network, compare the destination path of the generated packet with the physical network diagram (132), construct a logical network diagram (133) based on the compared data, and generate information (134) by synthesizing the constructed logical network diagram and the physical network diagram.

[0028] That is, the mapping unit (130) may include a packet generation unit (131), a comparison unit (132), a logical network diagram configuration unit (133), and an information generation unit (134).

[0029] In addition, the analysis unit (140) can analyze the difference between the physical network diagram and the logical network diagram to identify the non-identified CBS (Computer Based System) and the non-identified path.

[0030] In addition, the cyber risk assessment unit (150) can display a non-identified CBS and a non-identified path with a dotted line when they are discovered, so that they are distinguished from the normal network.

[0031] FIG. 3 is a diagram showing a ship network diagram according to an embodiment of the present invention. Through the physical network diagram, connections and paths between a plurality of CBSs can be verified, and through the logical network diagram, network paths according to the process of start and end can be verified and compared.

[0032] This allows for the analysis and verification of non-identified CBSs and paths, enabling users to easily recognize and identify non-identified CBSs and network paths.

[0033] The embodiments according to the present invention described above may be implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc., either individually or in combination. The program instructions recorded on the computer-readable recording medium may be those specifically designed and configured for the present invention or those known and available to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes; optical recording media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, and flash memory. Examples of program instructions include machine code, such as that generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter, etc. Hardware devices may be modified into one or more software modules to perform processing according to the present invention, and vice versa.

[0034] The embodiments described above are provided to enable those skilled in the art to easily understand the technical concept of the present invention, and should not be interpreted as limiting the present invention. It is obvious to those skilled in the art that the embodiments of the present invention can be modified and varied in various ways without departing from the spirit and scope of the present invention. Accordingly, such modifications or variations should be deemed to fall within the scope of the claims of the present invention.

[0035] 100: Ship physical network diagram-based cyber threat analysis system

[0036] 110: Import unit

[0037] 120: Diagram unit

[0038] 130: Mapping unit

[0039] 140: Analysis unit

[0040] 150: Cyber risk assessment unit

Claims

1. A method for analyzing cyber threats based on a ship physical network diagram, comprising: an import step of loading ship drawing data from an import unit into a cyber threat analysis terminal; a diagram configuration step of configuring a physical network diagram in a diagram unit based on the imported data; a mapping step of mapping, in a mapping unit, the physical network diagram configured through the diagram configuration step and a logical network diagram; an analysis step of analyzing, in an analysis unit, the difference between the physical network diagram and the logical network diagram mapped through the mapping step; and a cyber risk assessment step of performing, in a cyber risk assessment unit, a cyber risk assessment based on the physical network diagram and the logical network diagram through the analysis step.

2. The method of claim 1, wherein the mapping step comprises: an operation step of operating a packet generator at the nodes at the start and end of the physical network; a comparison step of comparing the destination path of a packet generated through the operation step with the physical network diagram; a logical network diagram configuration step of configuring a logical network diagram based on data compared through the comparison step; and an information generation step of generating information by synthesizing the logical network diagram configured through the logical network diagram configuration step with the physical network diagram.

3. The method of claim 1, wherein, in the cyber risk assessment step, a non-identified CBS and a non-identified path, when discovered, are indicated by a dotted line so as to be distinguished from the normal network.

4. A ship physical network diagram-based cyber threat analysis system, comprising: an import unit that loads ship drawing data into a cyber threat analysis terminal; a diagram unit that constructs a physical network diagram based on data imported from the import unit; a mapping unit that maps the physical network diagram configured in the diagram unit and a logical network diagram; an analysis unit that analyzes the difference between the physical network diagram and the logical network diagram mapped through the mapping unit; and a cyber risk assessment unit that performs a cyber risk assessment based on the physical network diagram and the logical network diagram through the analysis unit.

5. The system of claim 4, wherein the mapping unit operates a packet generator at the nodes at the start and end of the physical network, compares the destination path of the generated packet with the physical network diagram, constructs a logical network diagram based on the compared data, and generates information by synthesizing the constructed logical network diagram and the physical network diagram.

6. The system of claim 4, wherein the cyber risk assessment unit displays non-identified CBS and non-identified paths with dotted lines to distinguish them from the normal network.