CN108521423A - Hardware-in-the-loop (HWIL) simulation industrial control network cyber range system - Google Patents

Publication number: CN108521423A
Application number: CN201810314835.2A
Authority: CN (China)
Legal status (as listed by Google Patents): Pending
Other languages: Chinese (zh)
Inventors: 袁键, 蔡艳林, 施靖萱
Original and current assignee: Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd

Classifications

    • H04L63/0209 Network security: architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/1416 Network security: event detection, e.g. attack signature detection
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks


Abstract

The present invention provides a hardware-in-the-loop (HWIL) simulation industrial control network cyber range system, relating to the technical field of industrial control network information security, comprising: a case, and an industrial switch, a PLC controller, an engineer station, an industrial control data ferry system and an industrial control firewall inside the case. The engineer station is used to send control data packets carrying attack information to the industrial control data ferry system. The industrial control data ferry system is used to provide security isolation between the networks of different levels in which the engineer station and the industrial switch are located, and to send a control data packet to the industrial switch when the header and body of the packet meet a preset security condition. The industrial control firewall is deployed between the PLC controller and the industrial switch and is used to intercept a control data packet when attack information is detected. The invention thereby provides an industrial control network cyber range system for industrial control systems that meets the need for security isolation and improves security risk assessment capability and attack-defense training capability.

Description

Hardware-in-the-loop (HWIL) simulation industrial control network cyber range system
Technical field
The present invention relates to the technical field of industrial control network information security, and in particular to a HWIL simulation industrial control network cyber range system.
Background
At present, more than 80% of the critical infrastructure related to the national economy is automated by industrial control systems, so industrial control systems have become an important part of national critical infrastructure. With the rapid development of automation, computer and Internet technology, networks are increasingly open, and industrial control products increasingly use general-purpose protocols, general-purpose hardware and general-purpose software. As a result, industrial control systems are in an open state and their information security faces serious threats. For example, an infected USB flash drive may infect device A into which it is inserted, as well as device B that communicates with device A, and in turn prevent the entire plant from operating normally.
Summary of the invention
In view of this, the purpose of the present invention is to provide a HWIL simulation industrial control network cyber range system, to alleviate technical problems such as the serious threats faced by the security of existing industrial control networks.
In a first aspect, an embodiment of the present invention provides a HWIL simulation industrial control network cyber range system, comprising: a case, and an industrial switch, a PLC controller, an engineer station, an industrial control data ferry system and an industrial control firewall arranged in the case;
The engineer station is used to send control data packets carrying attack information to the industrial control data ferry system;
The industrial control data ferry system is used to provide security isolation between the networks of different levels in which the engineer station and the industrial switch are located, and to send the control data packet to the industrial switch when the header and body of the control data packet meet a preset security condition;
The industrial control firewall is deployed between the PLC controller and the industrial switch, and is used to intercept the control data packet when the attack information is detected in the control data packet.
With reference to the first aspect, an embodiment of the present invention provides a first possible embodiment of the first aspect, wherein the industrial control data ferry system includes: an internal-network host, an optical one-way isolation component and an external-network host;
The external-network host is connected to the engineer station, and the internal-network host is connected to the industrial switch;
The optical one-way isolation component is used to send data packets obtained from the external-network host that meet the preset security condition to the internal-network host.
With reference to the first aspect, an embodiment of the present invention provides a second possible embodiment of the first aspect, wherein the optical one-way isolation component includes: an optical one-way transmitter connected to the external-network host and an optical one-way receiver connected to the internal-network host.
With reference to the first aspect, an embodiment of the present invention provides a third possible embodiment of the first aspect, further comprising: an industrial control operations and maintenance (O&M) audit system deployed on a first server, and an electronic display connected to the first server;
The industrial control O&M audit system is connected to the industrial switch, and is used to audit the O&M operations performed on the industrial control firewall and the industrial switch in the industrial network;
The electronic display is used to receive and display the audit information sent by the industrial control O&M audit system.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible embodiment of the first aspect, further comprising: an information security supervision platform deployed on a second server;
The information security supervision platform is connected to the industrial switch, and is used to receive the alert information sent by the industrial control firewall, the industrial control data ferry system and the industrial control O&M audit system, and to generate a response plan according to the alert information;
The second server is connected to the electronic display, and is used to send the alert information and the response plan to the electronic display, so that the electronic display shows the alert information and the response plan.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible embodiment of the first aspect, wherein the electronic display is also connected to the industrial control firewall, and is used to receive and display the attack interception information sent by the firewall.
With reference to the first aspect, an embodiment of the present invention provides a sixth possible embodiment of the first aspect, wherein an industrial control host protection system is deployed on the engineer station, the first server and the second server;
The industrial control host protection system is used to create an industrial control whitelist ("white") environment and to prevent malicious code from propagating and running.
With reference to the first aspect, an embodiment of the present invention provides a seventh possible embodiment of the first aspect, wherein the PLC controller is connected through I/O modules to at least one piece of industrial equipment at the industrial site, and is used to receive the operation information of the industrial equipment.
With reference to the first aspect, an embodiment of the present invention provides an eighth possible embodiment of the first aspect, further comprising: a human-machine interaction device;
The human-machine interaction device is connected to the industrial switch, and is used to receive the operation information of the industrial equipment sent by the industrial switch and to send equipment control instructions to the industrial switch, so that the industrial switch sends the equipment control instructions to the PLC controller, which in turn sends the equipment control instructions to the industrial equipment to be controlled.
With reference to the first aspect, an embodiment of the present invention provides a ninth possible embodiment of the first aspect, wherein the case has an upper-and-lower fastening structure, and a moving device is provided at the bottom of the case.
The embodiments of the present invention bring the following beneficial effects: the purpose of the invention is to provide a HWIL simulation industrial control network cyber range system, so as to provide an industrial control network cyber range system in a hardware-in-the-loop simulation environment for industrial control systems. Security testing needs are served through the range system, the need for security isolation is met, and security risk assessment capability and attack-defense training capability are improved.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
To explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the HWIL simulation industrial control network cyber range system provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the industrial control data ferry system provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of the HWIL simulation industrial control network cyber range system provided by another embodiment of the present invention;
Fig. 4 is a structural schematic diagram of the HWIL simulation industrial control network cyber range system provided by another embodiment of the present invention.
Reference numerals:
101 - engineer station; 102 - industrial control data ferry system; 103 - industrial switch; 104 - industrial control firewall; 105 - PLC controller; 106 - industrial equipment; 107 - first server; 108 - second server; 109 - electronic display; 110 - human-machine interaction device.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
Explanation of terms:
A cyber range is a scientific research and test support environment that serves all types of users, covers typical applications in every field and industry, and combines military and civilian use. It provides capabilities such as demonstration and verification of network security defense technologies and architecture security evaluation, together with security assessment capability.
At present, with the rapid development of automation, computer and Internet technology, networks are increasingly open, and industrial control products increasingly use general-purpose protocols, general-purpose hardware and general-purpose software, so that industrial control systems are in an open state and their information security faces many threats. On this basis, the embodiments of the present invention provide a HWIL simulation industrial control network cyber range system, so as to provide an industrial control network cyber range system in a hardware-in-the-loop simulation environment for industrial control systems. Security testing needs are served through the range system, the need for security isolation is met, and security risk assessment capability and attack-defense training capability are improved.
To facilitate understanding of this embodiment, the HWIL simulation industrial control network cyber range system disclosed in the embodiments of the present invention is first described in detail.
As shown in Fig. 1, one embodiment of the present invention provides a HWIL simulation industrial control network cyber range system, comprising: a case, and an industrial switch 103, a PLC controller 105, an engineer station 101, an industrial control data ferry system 102 and an industrial control firewall 104 arranged inside the case.
The engineer station 101 is used to send control data packets carrying attack information to the industrial control data ferry system 102.
In practical applications, the engineer station 101 is used for program development, system diagnostics, control system configuration, and the editing and modification of databases and screens. In addition, the engineer station 101 is used to simulate an attack environment and demonstrate attack effects. For example, the production system (i.e. the PLC controller 105) is attacked using attack software: the operator uses a hacking tool to send the industrial control data ferry system 102 control data packets carrying attack information, i.e. control data packets for unauthorized reading, writing and modification of the PLC controller 105.
The industrial control data ferry system 102 is used to provide security isolation between the networks of different levels in which the engineer station 101 and the industrial switch 103 are located, and to send the control data packet to the industrial switch 103 when the header and body of the control data packet meet the preset security condition.
Specifically, the industrial control data ferry system 102 meets the need for business data transmission while also ensuring that the transmission link is physically isolated, meeting the requirements of the national protection standard. As shown in Fig. 2, the industrial control data ferry system 102 includes: an internal-network host, an optical one-way isolation component and an external-network host.
The external-network host is connected to the engineer station 101, and the internal-network host is connected to the industrial switch 103.
The optical one-way isolation component includes an optical one-way transmitter connected to the external-network host and an optical one-way receiver connected to the internal-network host, and is used to send data packets obtained from the external-network host that meet the preset security condition to the internal-network host.
In practical applications, the optical one-way isolation component serves as the only physical channel, with no information leakage, and blocks network protocol connections of any form. By means of protocol conversion, information is imported in one direction only, and only data whose source, format and content all satisfy the security policy can pass through the optical one-way isolation component. In addition, the optical one-way isolation component has a proprietary data exchange protocol: the application data is stripped out of the common network protocol, encapsulated in the system-specific protocol and transferred to the other end of the isolation component, where it is stripped once more and re-encapsulated in the common protocol to restore the data.
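The header and body checks and the strip/re-encapsulate step described above, modelled as an added example that is not part of the patent. Modbus/TCP as the control protocol, the addresses, the allowed function codes, the `FRY1` private framing and all function names are assumptions chosen for illustration; the patent names none of them.

```python
import struct
import zlib
from dataclasses import dataclass

# --- Assumed security policy (illustrative values, not from the patent) ---
ALLOWED_SOURCES = {"192.0.2.10"}   # engineer station (RFC 5737 documentation address)
ALLOWED_FUNCTIONS = {0x03, 0x04}   # Modbus read holding / read input registers
MAX_REGISTERS = 125                # Modbus limit for a single register read
FERRY_MAGIC = b"FRY1"              # hypothetical private framing on the one-way link


class PolicyViolation(Exception):
    """Raised when a packet fails the preset security condition."""


@dataclass(frozen=True)
class Request:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def check_header(frame: bytes) -> Request:
    """Data-format check: the Modbus/TCP (MBAP) header must be well formed."""
    if len(frame) < 8:
        raise PolicyViolation("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise PolicyViolation("protocol id is not Modbus")
    if length != len(frame) - 6:
        raise PolicyViolation("length field does not match frame")
    return Request(tid, unit, frame[7], frame[8:])


def check_body(req: Request) -> None:
    """Data-content check: only bounded register reads may cross."""
    if req.function not in ALLOWED_FUNCTIONS:
        raise PolicyViolation(f"function 0x{req.function:02x} not allowed")
    if len(req.data) != 4:
        raise PolicyViolation("unexpected request body length")
    _start, quantity = struct.unpack(">HH", req.data)
    if not 1 <= quantity <= MAX_REGISTERS:
        raise PolicyViolation("register quantity out of range")


def outer_host(source_ip: str, frame: bytes) -> bytes:
    """External-network host: check source, header and body, then strip the
    common protocol and wrap the application data in the private framing."""
    if source_ip not in ALLOWED_SOURCES:
        raise PolicyViolation("source not allowed")
    req = check_header(frame)
    check_body(req)
    payload = struct.pack(">HBB", req.transaction_id, req.unit_id, req.function) + req.data
    return (FERRY_MAGIC + struct.pack(">H", len(payload)) + payload
            + struct.pack(">I", zlib.crc32(payload)))


def inner_host(ferry_frame: bytes) -> bytes:
    """Internal-network host: unwrap the private frame and rebuild Modbus/TCP.
    There is no return path, so integrity is checked here and bad frames dropped."""
    if len(ferry_frame) < 14 or ferry_frame[:4] != FERRY_MAGIC:
        raise PolicyViolation("not a ferry frame")
    (n,) = struct.unpack(">H", ferry_frame[4:6])
    if n < 4 or len(ferry_frame) != 6 + n + 4:
        raise PolicyViolation("ferry frame length mismatch")
    payload = ferry_frame[6:6 + n]
    (crc,) = struct.unpack(">I", ferry_frame[6 + n:])
    if crc != zlib.crc32(payload):
        raise PolicyViolation("ferry frame corrupted")
    tid, unit, function = struct.unpack(">HBB", payload[:4])
    pdu = bytes([function]) + payload[4:]
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def ferry(source_ip: str, frame: bytes):
    """One crossing of the ferry: (frame delivered to the switch or None, reason)."""
    try:
        return inner_host(outer_host(source_ip, frame)), "forwarded"
    except PolicyViolation as exc:
        return None, str(exc)


# Constructed sample frames (not captured traffic).
READ_REGS = bytes.fromhex("000100000006010300000002")   # read 2 holding registers
WRITE_REG = bytes.fromhex("0002000000060106000100ff")   # write single register

if __name__ == "__main__":
    for src, frame in [("192.0.2.10", READ_REGS),
                       ("192.0.2.10", WRITE_REG),
                       ("198.51.100.7", READ_REGS)]:
        print(src, frame.hex(), "->", ferry(src, frame)[1])
```

Under this assumed policy a write request never reaches the internal network, so the firewall in front of the PLC only sees traffic the ferry has already narrowed to reads from the engineer station.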
The industrial control firewall 104 is deployed between the PLC controller 105 and the industrial switch 103, and is used to intercept the control data packet when the attack information is detected in the control data packet.
The HWIL simulation industrial control network cyber range system provided by the embodiments of the present invention provides an industrial control network cyber range system in a hardware-in-the-loop simulation environment for industrial control systems. Security testing needs are served through the cyber range system, the need for security isolation is met, and security risk assessment capability and attack-defense training capability are improved.
As shown in Fig. 3, on the basis of the previous embodiment, in another embodiment of the present invention the cyber range system further includes: an industrial control O&M audit system deployed on a first server 107, and an electronic display 109 connected to the first server 107.
The industrial control O&M audit system is connected to the industrial switch 103, and is used to audit the O&M operations performed on the industrial control firewall 104 and the industrial switch 103 in the industrial network.
The electronic display 109 is used to receive and display the audit information sent by the industrial control O&M audit system.
On the basis of the previous embodiment, in another embodiment of the present invention the cyber range system further includes: an information security supervision platform deployed on a second server 108.
The information security supervision platform is connected to the industrial switch 103, and is used to receive the alert information sent by the industrial control firewall 104, the industrial control data ferry system 102 and the industrial control O&M audit system, and to generate a response plan according to the alert information.
In practical applications, the information security supervision platform receives the alert information sent by systems such as the industrial control firewall 104, the industrial control data ferry system 102, the industrial control O&M audit system and the industrial switch 103. By aggregating and analyzing it, the platform forms a picture of the overall security posture of the industrial control network and supervises the entire security system. It also integrates emergency plans, implementing a complete emergency response workflow of threat discovery, alert reporting, comprehensive analysis and emergency handling.
The second server 108 is connected to the electronic display 109, and is used to send the alert information and the response plan to the electronic display 109, so that the electronic display 109 shows the alert information and the response plan.
Specifically, the first server 107 and the second server 108 are connected to the same electronic display 109 through a switching device (such as a KVM switch). Using one set of keyboard and mouse, the operator can control the switching device so that the display screen shows the running data of the different servers. Alternatively, each server may be configured with its own display.
In addition, the electronic display 109 can also be connected to the industrial control firewall 104 through the switching device, and is used to receive and display the attack interception information sent by the firewall.
Specifically, when the production system (i.e. the PLC controller 105) is attacked using a hacking tool, the switching device is used to make the display show the running interface of the industrial control firewall 104, where the attack interception information sent by the firewall can be viewed.
On the basis of the previous embodiment, in the embodiments of the present invention an industrial control host protection system is deployed on the engineer station 101, the first server 107 and the second server 108.
The industrial control host protection system is used to create an industrial control whitelist ("white") environment and to prevent malicious code from propagating and running.
Specifically, the engineer station 101 can be used to demonstrate the industrial control host protection system intercepting malicious code and thereby protecting terminal security.
On the basis of the previous embodiment, as shown in Fig. 4, the cyber range system further includes: a human-machine interaction device 110.
The PLC controller 105 is connected through I/O modules to at least one piece of industrial equipment 106 at the industrial site, and is used to receive the operation information of the industrial equipment 106.
The industrial equipment 106 includes industrial equipment such as flowmeters and measuring instruments.
The human-machine interaction device 110 is connected to the industrial switch 103, and is used to receive the operation information of the industrial equipment 106 sent by the industrial switch 103 and to send equipment control instructions to the industrial switch 103, so that the industrial switch 103 sends the equipment control instructions to the PLC controller 105, which in turn sends the equipment control instructions to the industrial equipment 106 to be controlled.
In practical applications, the industrial control host protection system is deployed on the human-machine interaction device. The human-machine interaction device 110 can be used to demonstrate attacks on the industrial control system using malicious code and attack software, showing the attack effect intuitively.
In the embodiments of the present invention, the industrial switch 103, PLC controller 105, engineer station 101, industrial control data ferry system 102, industrial control firewall 104, first server 107, second server 108, electronic display 109 and human-machine interaction device 110 of the above embodiments are all arranged inside the case, placed compactly and reasonably. The case can have an upper-and-lower fastening structure, which makes it easy to open and close. In addition, a moving device is provided at the bottom of the case. For example, the case can take the form of a portable trolley case that can be taken on transport such as the subway and high-speed rail and is easy to carry.
The purpose of the HWIL simulation industrial control network cyber range system provided by the embodiments of the present invention is to establish the most basic and most typical industrial control system simulation environment and security protection system. On the basis of simulating the key production process flow of the target industrial control system and a typical control system, various types of industrial control security experiments are carried out to verify the security of the industrial control system, discover security vulnerabilities in the system and in key control devices, and study attack methods against the control system, attack effects and protective measures. This ultimately provides a theoretical basis and guidance for the security assessment, security hardening and security transformation of the target industrial control system's real environment. It is a comprehensive industrial control security experiment platform that integrates functions such as verification and demonstration.
The HWIL simulation industrial control network cyber range system provided by the embodiments of the present invention is equipped with a full set of industrial control security protection systems, can provide security protection at multiple levels, can centrally audit and supervise all alerts, and can support a variety of experiments. For example, the types of experiment that can be carried out using the cyber range system are shown in Table 1 below.
Table 1
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operation of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two consecutive boxes can in fact be executed substantially in parallel, and they can sometimes be executed in the opposite order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The computer program product of the HWIL simulation industrial control network cyber range system provided by the embodiments of the present invention includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the methods described in the preceding method embodiments; for the specific implementation, see the method embodiments, which are not repeated here.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems and devices described above can refer to the corresponding processes in the preceding method embodiments, which are not repeated here.
In addition, in the description of the embodiments of the present invention, unless otherwise specified or limited, the terms "install", "connected" and "connection" shall be understood broadly. For example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
In the description of the present invention, it should be noted that orientation or position terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientations or positions shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be understood as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate its technical solutions rather than to limit them, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone skilled in the art can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A HWIL simulation industrial control network target range system, characterized by comprising: a case, and, arranged inside the case, an industrial switch, a PLC controller, an engineer station, an industrial control data ferry system and an industrial control firewall;
The engineer station is used for sending control data packets carrying attack information to the industrial control data ferry system;
The industrial control data ferry system is used for providing security isolation between the networks of different security levels in which the engineer station and the industrial switch are located, and for sending the control data packet to the industrial switch when the header and the body of the control data packet satisfy a preset security condition;
The industrial control firewall is deployed between the PLC controller and the industrial switch, and is used for intercepting the control data packet when attack information is detected in the control data packet.
2. The system according to claim 1, characterized in that the industrial control data ferry system comprises: an intranet machine, an optical one-way isolation component and an outer-net machine;
The outer-net machine is connected to the engineer station, and the intranet machine is connected to the industrial switch;
The optical one-way isolation component is used for sending data packets that are obtained from the outer-net machine and satisfy the preset security condition to the intranet machine.
3. The system according to claim 2, characterized in that the optical one-way isolation component comprises: an optical one-way emitter connected to the outer-net machine and an optical one-way receiver connected to the intranet machine.
4. The system according to claim 3, characterized by further comprising: an industrial control O&M audit system deployed on a first server, and an electronic display connected to the first server;
The industrial control O&M audit system is connected to the industrial switch, and is used for auditing O&M operations on the industrial control firewall and the industrial switch in the industrial network;
The electronic display is used for receiving and displaying the audit information sent by the industrial control O&M audit system.
5. The system according to claim 4, characterized by further comprising: an information security supervision platform deployed on a second server;
The information security supervision platform is connected to the industrial switch, and is used for receiving the alarm information sent by each of the industrial control firewall, the industrial control data ferry system and the industrial control O&M audit system, and for generating a countermeasure plan according to the alarm information;
The second server is connected to the electronic display, and is used for sending the alarm information and the countermeasure plan to the electronic display, so that the electronic display shows the alarm information and the countermeasure plan.
6. The system according to claim 5, characterized in that the electronic display is further connected to the industrial control firewall, and is used for receiving and displaying the attack interception information sent by the firewall.
7. The system according to claim 6, characterized in that an industrial control host protection system is deployed on the engineer station, the first server and the second server;
The industrial control host protection system is used for creating an industrial control "white environment" that prevents malicious code from spreading and running.
8. The system according to claim 7, characterized in that the PLC controller is connected through an I/O module to at least one industrial device at the industrial site, and is used for receiving the operation information of the industrial device.
9. The system according to claim 8, characterized by further comprising: a human-computer interaction device;
The human-computer interaction device is connected to the industrial switch, and is used for receiving the operation information of the industrial device sent by the industrial switch and for sending a device control instruction to the industrial switch, so that the industrial switch sends the device control instruction to the PLC controller, and the PLC controller in turn sends the device control instruction to the industrial device to be controlled.
10. The system according to claim 9, characterized in that the case has a structure whose upper and lower parts fasten together, and a moving device is provided at the bottom of the case.
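
The header-and-body check and one-way transfer of claims 1 to 3, modelled as an added example that is not part of the patent or the applicant's implementation. The claims leave the "preset security condition" unspecified, so Modbus/TCP framing, the read-only function-code policy and every name below are assumptions.

```python
import struct
from collections import deque

# Assumed policy, not taken from the patent: Modbus/TCP frames, one known
# PLC unit id, and read-only function codes with their protocol quantity limits.
ALLOWED_UNIT_IDS = {1}
READ_LIMITS = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}

def header_ok(frame: bytes) -> bool:
    """Header condition: MBAP protocol id 0, length field consistent, unit allowed."""
    if len(frame) < 8:                      # 7-byte MBAP header + function code
        return False
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    return proto == 0 and length == len(frame) - 6 and unit in ALLOWED_UNIT_IDS

def body_ok(frame: bytes) -> bool:
    """Body condition: whitelisted read request with a quantity inside its limit."""
    pdu = frame[7:]
    if len(pdu) != 5 or pdu[0] not in READ_LIMITS:
        return False
    _addr, qty = struct.unpack(">HH", pdu[1:])
    return 1 <= qty <= READ_LIMITS[pdu[0]]

class OneWayLink:
    """Stand-in for the optical one-way component: emit on the outer side,
    receive on the inner side, and no method that carries data back."""
    def __init__(self):
        self._fiber = deque()
    def emit(self, frame: bytes) -> None:
        self._fiber.append(bytes(frame))
    def receive(self):
        return self._fiber.popleft() if self._fiber else None

def ferry(frames, link: OneWayLink):
    """Outer-net machine: forward a frame only if header AND body pass.
    Returns (reason, frame) for every dropped frame, for alerting."""
    dropped = []
    for frame in frames:
        if not header_ok(frame):
            dropped.append(("header", frame))
        elif not body_ok(frame):
            dropped.append(("body", frame))
        else:
            link.emit(frame)
    return dropped

# Constructed sample frames (not captured traffic).
SAMPLE_FRAMES = [
    bytes.fromhex("000100000006010300000002"),  # read 2 holding registers
    bytes.fromhex("00020000000601050001ff00"),  # write single coil (not whitelisted)
    bytes.fromhex("0003000000ff010300000002"),  # length field disagrees with frame size
]

if __name__ == "__main__":
    link = OneWayLink()
    for reason, frame in ferry(SAMPLE_FRAMES, link):
        print("dropped:", reason, frame.hex())
    print("delivered:", link.receive().hex())
```

The dropped list is what a ferry system would turn into the alarm information that claim 5 has the supervision platform collect.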
CN201810314835.2A 2018-04-10 2018-04-10 HWIL simulation industry control network target range system Pending CN108521423A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810314835.2A CN108521423A (en) 2018-04-10 2018-04-10 HWIL simulation industry control network target range system

Publications (1)

Publication Number Publication Date
CN108521423A true CN108521423A (en) 2018-09-11

Family

ID=63431879

Country Status (1)

Country Link
CN (1) CN108521423A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180911