CN112995122B - Industrial control network safety data visualization system - Google Patents


Info

Publication number: CN112995122B
Authority: CN (China)
Prior art keywords: data, industrial control, network security, unit, module
Legal status: Active (the status shown by Google Patents is an assumption, not a legal conclusion)
Application number: CN202010219923.1A
Other languages: Chinese (zh)
Other versions: CN112995122A (en)
Inventors: 李敏, 李文强, 李高明
Current assignee: Changyang Technology Beijing Co ltd (the assignee list may be inaccurate; no legal analysis performed)
Original assignee: Changyang Technology Beijing Co ltd
Priority date: 2020-03-25 (an assumption, not a legal conclusion)
Filing date: 2020-03-25
Publication date: 2021-06-18 (CN112995122A); 2024-03-08 (CN112995122B)

Events: application filed by Changyang Technology Beijing Co ltd; priority to CN202010219923.1A; publication of CN112995122A; application granted; publication of CN112995122B; legal status active; expiration anticipated.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/26 Visual data mining; Browsing structured data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Testing And Monitoring For Control Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides an industrial control network security data visualization system and apparatus. The system includes: a data acquisition module, used for acquiring network security data generated by industrial control equipment by means of a host probe technology, a flow monitoring technology and an anomaly detection technology; a data mining module, electrically connected with the data acquisition module and used for mining the acquired network security data; and a data visualization module, electrically connected with the data mining module and used for graphically representing the mined industrial control security data so as to display the industrial control security data and its change trend. The system can improve the efficiency of data acquisition and mining and the quality of data visualization.

Description

Industrial control network safety data visualization system
Technical Field
The application relates to the field of network security, in particular to an industrial control network security data visualization system.
Background
Compared with traditional information security, industrial control systems have unique features. An industrial control system was originally adopted as a special-purpose system; its operating system and communication protocols differ considerably from those of general-purpose systems, and compared with the open internet environment it is isolated. Industrial control systems were designed to perform various real-time control functions and did not take security protection into account.
However, with the development of computer and network technologies and the trends of "Industry 4.0", "two-way industry" and "Internet +", the network security problem of traditional industrial control systems (industrial control system security for short) has become a serious challenge for enterprise and national security and has attracted increasing attention from enterprises and governments. After a long period in a closed state, industrial control systems have become exposed to the internet through network interconnection, which makes them easy targets for viruses, trojans and hackers coming from the enterprise management network or the internet, and creates huge security risks and hidden dangers for the critical infrastructure and important systems they control.
On the one hand, the situation visualization technology of traditional network security vendors focuses on hosts exposed at the internet edge, presenting the threat situation and running state of the business hosts on the enterprise office network to form a network security situation display. On the other hand, traditional industrial field monitoring takes the running state of the control configuration generated by a given industrial control system as its monitoring point. In short, none of the conventional network security technologies combine the features of industrial control systems.
Disclosure of Invention
In view of this, the purpose of this application is to propose an industrial control network security data visualization system, so as to solve the problems of inefficient data acquisition and mining and poor data visualization quality in the prior art.
Based on the above objects, the present application provides an industrial control network security data visualization system, the system comprising:
the data acquisition module is used for acquiring network security data generated by the industrial control equipment by utilizing a host probe technology, a flow monitoring technology and an abnormality detection technology;
the data mining module is electrically connected with the data acquisition module and is used for mining the acquired network security data;
and the data visualization module is electrically connected with the data mining module and is used for carrying out graphical representation on the mined industrial control safety data so as to display the industrial control safety data and the change trend of the industrial control safety data.
In one embodiment, the data acquisition module comprises:
the host probe unit is used for probing host information by adopting a passive monitoring mode so as to acquire the security configuration or alarm log of the running state of the host;
the flow monitoring unit is used for sniffing the network operation state by adopting a network flow mirroring technology and acquiring network threat and original information by combining an abnormal rule detection mechanism and an original flow extraction mechanism;
and the message queue unit is used for transmitting and collecting network information in real time by adopting the Kafka high-performance message queue.
Kafka is an open source stream processing platform developed by the Apache Software Foundation, written in Scala and Java. Kafka is a high-throughput distributed publish-subscribe messaging system that can process real-time streaming data. Such data is typically handled by processing logs and log aggregation because of throughput requirements. This is a viable solution for log data and offline analysis systems such as Elasticsearch, but it is subject to real-time processing constraints. The purpose of Kafka is to unify online and offline message processing through the parallel loading mechanism of Elasticsearch, and also to provide real-time messages through clusters.
In one embodiment, the data mining module includes:
the data preprocessing unit is used for preprocessing and converting the network information passing through the Kafka to obtain industrial control network security data;
and the clustering and classifying unit is electrically connected with the data preprocessing unit and is used for clustering and classifying the industrial control network security data and storing the clustered and classified industrial control network security data into a database.
In one embodiment, the data visualization module includes:
the micro-service interface unit is used for building a micro-service interface on the Spring Cloud framework and providing front-end calls;
and the visual component unit is electrically connected with the micro-service interface unit and is used for constructing the front end with AngularJS, ECharts, D3.js and Three.js.
In one embodiment, the system further comprises:
and the data storage module is electrically connected with the data acquisition module and is used for storing the acquired network security data by means of relational and NoSQL big data storage technology.
In one embodiment, the data storage module comprises:
and the big data storage unit is used for storing mass logs in an Elasticsearch non-relational database and performing word segmentation according to network threat keywords.
An apparatus comprising at least one industrial control network security data visualization system as claimed in any one of the preceding claims.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings required in the embodiments or in the description of the prior art are briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present application, and that a person skilled in the art could obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of an industrial control network security data visualization system according to an embodiment of the present application;
Fig. 2 is a schematic diagram of industrial asset location in an industrial control network security data visualization system according to an embodiment of the present application;
Fig. 3 is a schematic diagram of industrial control vulnerabilities in an industrial control network security data visualization system according to an embodiment of the present application;
Fig. 4 is a schematic diagram of supply chain analysis in an industrial control network security data visualization system according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings.
It should be noted that, unless otherwise defined, technical or scientific terms used in the embodiments of the present application have the ordinary meaning understood by one of ordinary skill in the art to which the present disclosure pertains. The terms "first", "second" and the like, as used in this disclosure, do not denote any order, quantity or importance, but are used to distinguish one element from another. The word "comprising" or "comprises" and the like means that the elements or items preceding the word include the elements or items listed after the word and their equivalents, but does not exclude other elements or items. The term "connected" and the like is not limited to physical or mechanical connections but may include electrical connections, whether direct or indirect. "Upper", "lower", "left", "right" and so on are used merely to indicate relative positional relationships, which may change when the absolute position of the described object changes.
In order to facilitate understanding of the present application, the following keywords need to be described, specifically as follows:
Industrial control terminal: a host running various industrial control software in the industrial control environment, including engineer stations, operator stations and the like.
Industrial control system: a system that mainly uses a combination of electronics, mechanics and software to realize automatic process control in a given industrial field.
Industrial control protocol: the protocol used when upper and lower hosts exchange communication messages on the industrial control host or the laboratory host.
The invention is directed to a system for visualizing industrial control network security data.
The aim of the invention is achieved by the following technical scheme:
Referring to Fig. 1, an industrial control network security data visualization system is configured to display detailed data related to industrial control system network security and the corresponding change trends. The system includes:
the data acquisition module, used for collecting network information and network security information generated by the industrial control equipment by means of a host probe technology, a flow monitoring technology and an anomaly detection technology;
the data mining module, used for mining the industrial control network security data collected by the data acquisition module;
the data storage module, used for storing the acquired data by means of relational and NoSQL big data storage technology;
the data visualization module, used for graphically representing the mined and computed industrial control security data and displaying the specific industrial control security data and its change trend;
the data acquisition module further comprises:
the host probe unit, which probes host information in a passive monitoring mode so as to acquire the security configuration or alarm log of the host's running state;
the flow monitoring unit, which sniffs the network operation state using a network flow mirroring technology and, combining an anomaly rule detection mechanism with an original flow extraction mechanism, acquires network threat and original information;
a message queue unit, which uses a Kafka high-performance message queue to transmit the acquired information in real time;
the data mining module further comprises:
a data preprocessing unit for preprocessing and converting the data passing through Kafka;
the clustering and classifying unit, used for clustering and classifying the preprocessed industrial control network security data and storing the clustered and classified data into a database;
the data storage module further includes:
the big data storage unit, which stores mass logs in an Elasticsearch non-relational database and performs word segmentation according to network threat keywords;
the data visualization module further includes:
the micro-service interface unit, which builds a micro-service interface on the Spring Cloud framework and provides front-end calls;
and the visualization component unit, which uses AngularJS, ECharts, D3.js and Three.js for front-end construction.
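The mining stage described above (messages from the Kafka queue, preprocessing into one schema, keyword-based classification, clustering, and hourly buckets for the change-trend display), as an added Python example that is not part of the patent or of the applicant's system; the message field names, the threat keyword table, the class names and the sample messages are all constructed assumptions for the example:

```python
"""
Added example (not from the patent): a minimal stand-in for the data mining
module. It consumes raw messages of the kind the acquisition module would
publish to Kafka (host probe alarm logs and flow-monitor rule hits, all
constructed inline), normalises them into one record schema, tags each record
with a threat class by keyword segmentation, clusters records by asset and
class, and buckets them into hourly windows so a front end can chart the trend.
Field names, keyword table and class names are assumptions for this example.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample messages as they might arrive from the Kafka topic.
RAW_MESSAGES = [
    '{"src":"host_probe","host":"eng-station-01","time":"2020-03-25T08:02:11Z",'
    '"alarm":"unauthorized write to PLC register via Modbus","level":3}',
    '{"src":"flow_monitor","asset":"plc-07","ts":1585123410,'
    '"rule":"port scan detected from 10.0.5.9","severity":"high"}',
    '{"src":"host_probe","host":"op-station-02","time":"2020-03-25T09:15:40Z",'
    '"alarm":"USB mass storage inserted, autorun malware signature","level":4}',
    '{"src":"flow_monitor","asset":"plc-07","ts":1585127000,'
    '"rule":"modbus write function code from unknown master","severity":"medium"}',
    '{"src":"flow_monitor","asset":"plc-07","ts":1585127300,'
    '"rule":"modbus write function code from unknown master","severity":"high"}',
    'this is not json',  # malformed message: must be dropped, not crash the pipeline
]

# Threat class -> keywords identifying it (assumed table; first match wins).
THREAT_KEYWORDS = {
    "unauthorized_control": ["write", "function code", "unknown master"],
    "reconnaissance": ["scan", "probe", "enumeration"],
    "malware": ["malware", "trojan", "virus", "autorun"],
}
SEVERITY_MAP = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def preprocess(raw: str):
    """Parse one raw message into the common record schema.
    Returns None for messages that cannot be parsed or have an unknown source."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if msg.get("src") == "host_probe":
        ts = datetime.strptime(msg["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "asset": msg["host"], "text": msg["alarm"], "severity": int(msg["level"])}
    if msg.get("src") == "flow_monitor":
        ts = datetime.fromtimestamp(msg["ts"], tz=timezone.utc)
        return {"ts": ts, "asset": msg["asset"], "text": msg["rule"],
                "severity": SEVERITY_MAP.get(msg["severity"], 0)}
    return None


def classify(text: str) -> str:
    """Keyword segmentation: the first threat class whose keyword appears wins."""
    lowered = text.lower()
    for cls, words in THREAT_KEYWORDS.items():
        if any(w in lowered for w in words):
            return cls
    return "unclassified"


def mine(raw_messages):
    """Preprocess, classify, cluster by (asset, class) and bucket per hour."""
    records, dropped = [], 0
    for raw in raw_messages:
        rec = preprocess(raw)
        if rec is None:
            dropped += 1
            continue
        rec["class"] = classify(rec["text"])
        records.append(rec)
    # Cluster: group events by (asset, class); count them and keep the worst severity.
    clusters = defaultdict(lambda: {"count": 0, "max_severity": 0})
    for r in records:
        c = clusters[(r["asset"], r["class"])]
        c["count"] += 1
        c["max_severity"] = max(c["max_severity"], r["severity"])
    # Trend: events per class per hourly window, the input for a time-series chart.
    trend = Counter((r["ts"].strftime("%Y-%m-%dT%H:00Z"), r["class"]) for r in records)
    return {"records": records, "clusters": dict(clusters), "trend": dict(trend), "dropped": dropped}


def chart_series(trend):
    """Pivot the trend counts into per-class series over sorted windows,
    the shape a line chart (for example ECharts) consumes."""
    windows = sorted({w for w, _ in trend})
    series = {}
    for (w, cls), n in trend.items():
        series.setdefault(cls, dict.fromkeys(windows, 0))[w] = n
    return windows, {cls: [counts[w] for w in windows] for cls, counts in series.items()}
```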
As can be seen from Fig. 2 to Fig. 4, the present application has the following advantages:
1) The data acquisition module uses multi-mode acquisition (host probe, log collection and flow mirroring), which is more comprehensive and effective than the traditional method of collecting only log alarm information;
2) The message queue is used to load-balance data from multiple sources, further improving the efficiency and quality of data acquisition;
3) The mining module first preprocesses the data and then clusters and classifies it, which enhances the mining effect and improves the quality of the mined data;
4) The whole system is divided into four mutually decoupled parts (data acquisition, data mining, data storage and data visualization), which makes maintenance convenient;
5) The visualization unit includes currently advanced visualization tools such as AngularJS, ECharts, D3.js and Three.js, which ensures the data visualization effect;
6) The attack chain of a network security attack is tracked, visually analysed and drawn, so that APT attacks can be perceived in depth.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. The embodiments of the present application are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements and the like, which are within the spirit and principles of the application, are intended to be included within the scope of the present application.

Claims (5)

1. An industrial control network security data visualization system, the system comprising:
the data acquisition module is used for acquiring network security data generated by the industrial control equipment by utilizing a host probe technology, a flow monitoring technology and an abnormality detection technology;
the data acquisition module comprises:
the host probe unit is used for probing host information by adopting a passive monitoring mode so as to acquire the security configuration or alarm log of the running state of the host;
the flow monitoring unit is used for sniffing the network operation state by adopting a network flow mirroring technology and acquiring network threat and original information by combining an abnormal rule detection mechanism and an original flow extraction mechanism;
a message queue unit for transmitting and collecting network information in real time by adopting a Kafka high-performance message queue; Kafka is an open source stream processing platform;
the data mining module is electrically connected with the data acquisition module and is used for mining the acquired network security data;
and the data visualization module is electrically connected with the data mining module and is used for carrying out graphical representation on the mined industrial control safety data so as to display the industrial control safety data and the change trend of the industrial control safety data.
2. The industrial control network security data visualization system of claim 1, wherein the data mining module comprises:
the data preprocessing unit is used for preprocessing and converting the network information passing through the Kafka to obtain industrial control network security data;
and the clustering and classifying unit is electrically connected with the data preprocessing unit and is used for clustering and classifying the industrial control network security data and storing the clustered and classified industrial control network security data into a database.
3. The industrial control network security data visualization system of claim 1, wherein the data visualization module comprises:
the micro-service interface unit is used for building a micro-service interface on the Spring Cloud framework and providing front-end calls;
and the visual component unit is electrically connected with the micro-service interface unit and is used for constructing the front end with AngularJS, ECharts, D3.js and Three.js.
4. The industrial control network security data visualization system of claim 1, further comprising:
and the data storage module is electrically connected with the data acquisition module and is used for storing the acquired network security data by means of relational and NoSQL big data storage technology.
5. The industrial control network security data visualization system of claim 1, wherein the data storage module comprises:
and the big data storage unit is used for storing mass logs in an Elasticsearch non-relational database and performing word segmentation according to network threat keywords.

Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN202010219923.1A (CN112995122B)  2020-03-25  2020-03-25  Industrial control network safety data visualization system

Publications (2)

Publication Number  Publication Date
CN112995122A (en)  2021-06-18
CN112995122B (en)  2024-03-08

Family

ID=76344214

Country Status (1)

Country  Link
CN (1)  CN112995122B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number  Priority date  Publication date  Assignee  Title
CN108646722A *  2018-07-18  2018-10-12  杭州安恒信息技术股份有限公司  Industrial control system information security simulation model and terminal
CN109474607A *  2018-12-06  2019-03-15  连云港杰瑞深软科技有限公司  Industrial control network security protection monitoring system
CN109840415A *  2018-12-29  2019-06-04  江苏博智软件科技股份有限公司  Industrial control network security situation awareness system
WO2020037634A1 *  2018-08-24  2020-02-27  哈尔滨工程大学计算机科学与技术学院  Information monitoring system and method for industrial control device network, computer readable storage medium, and computer device

Legal Events

Code  Title  Description
PB01  Publication
SE01  Entry into force of request for substantive examination
CB02  Change of applicant information
      Country or region after: China
      Address after: Room 01, floor 1, building 104, No. 3 minzhuang Road, Haidian District, Beijing 100195
      Applicant after: Changyang Technology (Beijing) Co.,Ltd.
      Address before: 100195 2nd floor, building 3, yuquanhuigu phase II, No.3 minzhuang Road, Haidian District, Beijing
      Applicant before: CHANGYANG TECH (BEIJING) Co.,Ltd.
      Country or region before: China
GR01  Patent grant