CN113489728A - Safety evaluation system and method for industrial internet - Google Patents


Info

Publication number
CN113489728A
Authority
CN
China
Prior art keywords
industrial internet
security
module
threat detection
industrial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110771846.5A
Other languages
Chinese (zh)
Inventor
张羽
王杰
杨满智
蔡琳
梁彧
田野
金红
陈晓光
傅强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd
Priority to CN202110771846.5A
Publication of CN113489728A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

An embodiment of the invention discloses a security assessment system and method for the industrial internet. The system comprises a digital simulation module, a threat detection module and a security assessment module. The digital simulation module digitally simulates the industrial internet system based on digital twin technology to construct an industrial digital twin. The threat detection module acquires behavior data information of the industrial internet and the industrial digital twin, performs threat detection on the industrial internet based on that information, and sends the threat detection result to the security assessment module. The security assessment module performs security assessment of the industrial internet based on the threat detection result. With these technical means, security assessment of the industrial internet can be carried out quickly and accurately.

Description

Safety evaluation system and method for industrial internet
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a system and a method for safety assessment of an industrial internet.
Background
The industrial internet is widely used in energy, transportation, municipal services and other important industries and fields of national significance, and has become an important component of national critical information infrastructure. It breaks open the relatively closed and trusted manufacturing environment of traditional industry, and the threat that security risks such as viruses, trojans and advanced persistent attacks pose to industrial production grows by the day. Once the industrial internet suffers a network attack, the result can be huge economic loss, environmental disaster and casualties, endangering public security and national security. The security and controllability of the industrial internet itself is the precondition for deploying it in production fields, and an important basis and guarantee of industrial security and national security.
With the development and convergence of new technologies such as 5G, big data and artificial intelligence, the boundary of the industrial network keeps extending, so that a large number of network security threats spread and penetrate from the external network into the industrial internal network. The new technologies also bring new security risks: attack methods are increasingly complex and changeable, and network attacks are shifting toward dynamic, advanced and persistent attacks. The hardware, software and data of the network system are more easily damaged, altered and leaked, and the continuous, reliable operation of industrial systems and the uninterrupted service of industrial networks face more and more challenges. Traditional network security measures are not suited to industrial control systems and cannot meet the requirements of industrial internet security protection.
In addition, industry is a business field that places importance on cost and efficiency. The industrial internet is undergoing a coordinated transformation toward personalized customization and service. With the development of digital technology, particularly digital twins, physical events are mapped into the digital world: industrial internet assets and processes are modeled, and the life cycle and operating performance of a product are predicted, which influences the product's design direction and operating efficiency, improves the efficiency of bringing it to market, and promotes revenue growth. At the same time, the industrial internet is expensive and fragile and is difficult to recover after an attack, which may affect all production and operation activities. The new era needs new security technologies and systems, and security needs to innovate toward diversified service modes and customized security mechanisms, so that the security protection required for the continued development of the industrial internet can be provided.
Disclosure of Invention
The embodiment of the invention provides a system and a method for safety assessment of an industrial internet, which can quickly and accurately perform safety assessment on the industrial internet.
In a first aspect, an embodiment of the present invention provides a security assessment system for an industrial internet, where the system includes: a digital simulation module, a threat detection module and a security assessment module;
the digital simulation module is used for carrying out digital simulation on the industrial internet system based on digital twin technology to construct an industrial digital twin;
the threat detection module is used for acquiring behavior data information of the industrial internet and the industrial digital twin, carrying out threat detection on the industrial internet based on the behavior data information, and sending a threat detection result to the security assessment module;
and the security assessment module is used for carrying out security assessment on the industrial internet based on the threat detection result.
Further, the system further comprises: a situation awareness module;
the situation awareness module is used for acquiring the behavior data information sent by the threat detection module, performing correlation analysis on the behavior data information, determining the security situation in the industrial internet, and sending the security situation to the security evaluation module;
the security assessment module is specifically configured to perform security assessment on the industrial internet based on the threat detection result and the security situation.
Further, the situation awareness module is further configured to determine an attack source of the industrial internet when the security situation of the industrial internet is determined to be an attacked state.
Further, the system further comprises: an automated response module;
the automatic response module is used for determining a security defense strategy based on the threat detection result and the security situation in the industrial internet and sending the security defense strategy to the industrial internet so that the industrial internet carries out security response based on the security defense strategy.
Further, the system further comprises: a visual interface presentation module;
and the visual interface presentation module is used for displaying the behavior data information, the threat detection result and the security situation on a visual interface.
Further, the digital simulation module is specifically configured to perform digital simulation on the IT domain, the OT domain and the vulnerabilities in the industrial internet system based on digital twin technology to construct an industrial digital twin.
Further, the behavior data information includes: behavior data generation time, behavior data type, behavior data hazard level, source IP address, source port, destination IP address, and destination port.
In a second aspect, an embodiment of the present invention further provides a security assessment method for an industrial internet, including:
based on digital twin technology, performing digital simulation on an industrial internet system to construct an industrial digital twin;
acquiring behavior data information of the industrial internet and the industrial digital twin body, carrying out threat detection on the industrial internet based on the behavior data information, and determining a threat detection result;
and performing security assessment on the industrial Internet based on the threat detection result.
Further, before the security assessment of the industrial internet based on the threat detection result, the method further includes:
performing correlation analysis on the behavior data information to determine the security situation in the industrial internet;
correspondingly, the security assessment of the industrial internet based on the threat detection result comprises the following steps:
and performing security assessment on the industrial Internet based on the threat detection result and the security situation.
Further, the method also comprises the following steps:
and determining a security defense strategy based on the threat detection result and the security situation in the industrial Internet, and sending the security defense strategy to the industrial Internet so that the industrial Internet performs security response based on the security defense strategy.
The embodiment of the invention provides a security assessment system and method for the industrial internet. The system comprises a digital simulation module, a threat detection module and a security assessment module. The digital simulation module digitally simulates the industrial internet system based on digital twin technology to construct an industrial digital twin. The threat detection module acquires behavior data information of the industrial internet and the industrial digital twin, performs threat detection on the industrial internet based on that information, and sends the threat detection result to the security assessment module. The security assessment module performs security assessment of the industrial internet based on the threat detection result. With these technical means, a digital twin corresponding to the industrial internet entity can be constructed based on digital twin technology, and the industrial internet can be assessed for security based on the behavior data information of the digital twin and of the industrial internet, improving the speed and accuracy of the security assessment while greatly reducing cost investment.
Drawings
Fig. 1 is a block diagram illustrating a security evaluation system of an industrial internet according to an embodiment of the present invention;
fig. 2 is a block diagram illustrating a security evaluation system of another industrial internet according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating a security evaluation system of another industrial internet according to an embodiment of the present invention;
fig. 4 is a flowchart of a security assessment method for an industrial internet according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Fig. 1 is a block diagram of a security assessment system of an industrial internet according to an embodiment of the present invention. As shown in fig. 1, the security assessment system 100 for the industrial internet includes: a digital simulation module 110, a threat detection module 120, and a security assessment module 130;
the digital simulation module 110 is configured to perform digital simulation on the industrial internet system based on digital twin technology to construct an industrial digital twin;
the threat detection module 120 is configured to obtain behavior data information of the industrial internet and the industrial digital twin, perform threat detection on the industrial internet based on the behavior data information, and send a threat detection result to the security assessment module 130;
the security assessment module 130 is configured to perform security assessment on the industrial internet based on the threat detection result.
A digital twin is a way of digitally representing the physical world. It makes full use of data such as physical models, sensor updates and operation history, integrates multidisciplinary, multi-physical-quantity, multi-scale and multi-probability simulation processes, and completes a mapping in virtual space that reflects the full life cycle of the corresponding physical equipment. The digital twin emphasizes the bidirectional connection between the digital world and the physical world, and achieves synchronization and feedback between the physical twin and the digital twin. Digital simulation is thus no longer an isolated, static "model" but a "twin" that changes with the physical world, interacts with it, and can even influence it. This change increases the fidelity of the digital simulation and lets the digital twin play its role better. The essence of the digital twin's value is the value of its data, and it is realized through advanced data analysis capabilities and intelligent applications built on massive data. By analyzing and mining the data and building a data model of the physical entity, the underlying laws of the world can be better understood and correct decisions can be made.
In the embodiment of the present invention, the digital simulation module 110 can be understood as the foundation of the industrial internet security assessment system 100. Its main function is to digitally simulate the industrial internet based on digital twin technology and construct an industrial digital twin, which can be understood as a simulated network corresponding to the industrial internet. Optionally, the digital simulation module 110 is specifically configured to digitally simulate the IT (Internet Technology, Information Technology) domain, the OT (Operation Technology) domain and the vulnerabilities of the industrial internet system based on digital twin technology to construct the industrial digital twin. For example, the digital simulation module 110 may simulate the IT domain of the industrial internet (office systems, routers, operating systems, web services, databases, middleware, HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), Telnet and the like); it may simulate the devices (PLCs, DCS controllers and the like), systems (SCADA, HMI and the like) and protocols (Modbus, S7, IEC-104 and the like) of the OT domain; and it may simulate vulnerabilities in the industrial internet, in order to build the industrial digital twin. A high-fidelity industrial digital twin built this way does not merely emulate certain protocols or services; data simulation makes the system more realistic. This reduces an attacker's suspicion on the one hand, and on the other helps to track the attacker's behavior in depth and to monitor lateral movement that attempts to find sensitive data.
The threat detection module 120 may collect behavior data information of the industrial internet and the industrial digital twin in real time by deploying probe collection devices between the layers of the industrial internet (the field device production layer, the field control layer, the process detection layer, the production management layer, the enterprise network layer and so on) and at the external network outlet. The threat detection module 120 performs threat detection on the industrial internet based on the behavior data information; for example, it labels the behavior data information and matches it against the corresponding feature libraries. Optionally, the behavior data information includes: behavior data generation time, behavior data type, behavior data hazard level, source IP address, source port, destination IP address, and destination port. When behavior data is generated in the industrial digital twin, that data can be directly considered abnormal, and the industrial internet is considered to face a security threat. When the behavior data information shows that the behavior data is interaction data generated by the industrial internet itself, the information can be analyzed to judge whether the industrial internet faces a security threat: if it does not match the data in the feature library, the corresponding behavior data can be considered a possible security threat to the industrial internet.
In the embodiment of the present invention, the threat detection module 120 performs threat detection on the industrial internet according to the behavior data information, and determines a threat detection result, where the threat detection result includes not only whether the industrial internet has a security threat, but also a security threat type if the industrial internet has a security threat, where the security threat type may include a network attack, a system attack, a malicious program, an abnormal behavior, and the like. The security evaluation module 130 obtains the threat detection result sent by the threat detection module 120, and performs security evaluation on the industrial internet according to the threat detection result. For example, when the threat detection result indicates that the industrial internet does not have a security threat, it may be determined that the security of the industrial internet is high, and when the threat detection result indicates that the industrial internet has a security threat, it may be further determined that the security of the industrial internet is low according to the type of the security threat.
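The detection and assessment rules of the two paragraphs above can be sketched as follows; this is an added example, not code from the patent. The twin address range, the feature library modelled as a list of expected flows, the hazard scale and the mapping from behavior type to threat type are all assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class BehaviorRecord:
    """The seven behavior data fields listed in the description."""
    time: str      # behavior data generation time
    kind: str      # behavior data type
    hazard: int    # behavior data hazard level (assumed scale: 0 low .. 3 high)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Assumption: the industrial digital twin lives in its own address range.
TWIN_NET = ip_network("10.0.9.0/24")

# Assumption: the feature library is modelled as the expected flows, because
# the text treats a record that matches nothing as a possible threat.
FEATURE_LIBRARY = [
    ("modbus_read", ip_network("10.0.1.10/32"), "10.0.2.20", 502),
    ("http_get", ip_network("10.0.1.0/24"), "10.0.3.5", 80),
]

# Assumption: hypothetical mapping from behavior type to the threat types
# the description names (unknown types fall back to "abnormal behavior").
THREAT_TYPE_BY_KIND = {
    "port_scan": "network attack",
    "modbus_write": "system attack",
    "file_drop": "malicious program",
}


def on_twin(rec):
    """True when the record targets an address inside the digital twin."""
    return ip_address(rec.dst_ip) in TWIN_NET


def matches_library(rec):
    """True when the record is one of the expected flows."""
    src = ip_address(rec.src_ip)
    return any(
        rec.kind == kind and src in net
        and rec.dst_ip == dst and rec.dst_port == port
        for kind, net, dst, port in FEATURE_LIBRARY
    )


def detect(records):
    """Twin activity is always a threat; unmatched production traffic may be."""
    findings = []
    for rec in records:
        if on_twin(rec):
            certainty, reason = "confirmed", "activity on digital twin"
            threat = THREAT_TYPE_BY_KIND.get(rec.kind, "abnormal behavior")
        elif not matches_library(rec):
            certainty, reason = "possible", "no feature-library match"
            threat = "abnormal behavior"
        else:
            continue  # expected production flow, nothing to report
        findings.append({
            "time": rec.time, "src_ip": rec.src_ip, "dst_ip": rec.dst_ip,
            "threat_type": threat, "certainty": certainty,
            "reason": reason, "hazard": rec.hazard,
        })
    return findings


def assess(findings):
    """No threat means high security; any threat means low, with its types."""
    if not findings:
        return {"security": "high", "threat_types": [], "sources": []}
    return {
        "security": "low",
        "threat_types": sorted({f["threat_type"] for f in findings}),
        "sources": sorted({f["src_ip"] for f in findings}),
    }


# Constructed sample records (not from the patent).
SAMPLE = [
    BehaviorRecord("2021-07-08T02:00:00", "modbus_read", 0,
                   "10.0.1.10", 49152, "10.0.2.20", 502),
    BehaviorRecord("2021-07-08T02:10:00", "modbus_write", 3,
                   "10.0.1.77", 40001, "10.0.9.20", 502),
    BehaviorRecord("2021-07-08T02:12:00", "modbus_write", 3,
                   "10.0.1.77", 40002, "10.0.2.20", 502),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
    print(assess(detect(SAMPLE)))
```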
The embodiment of the invention provides a security assessment system for the industrial internet, comprising a digital simulation module, a threat detection module and a security assessment module. The digital simulation module digitally simulates the industrial internet system based on digital twin technology to construct an industrial digital twin. The threat detection module acquires behavior data information of the industrial internet and the industrial digital twin, performs threat detection on the industrial internet based on that information, and sends the threat detection result to the security assessment module. The security assessment module performs security assessment of the industrial internet based on the threat detection result. With these technical means, a digital twin corresponding to the industrial internet entity can be constructed based on digital twin technology, and the industrial internet can be assessed for security based on the behavior data information of the digital twin and of the industrial internet, improving the speed and accuracy of the security assessment while greatly reducing cost investment.
Fig. 2 is a block diagram of another security assessment system for industrial internet according to this embodiment. As shown in fig. 2, the security evaluation system 100 for the industrial internet further includes a situation awareness module 140; the situation awareness module 140 is configured to obtain the behavior data information sent by the threat detection module 120, perform correlation analysis on the behavior data information, determine a security situation in the industrial internet, and send the security situation to the security evaluation module 130; the security evaluation module 130 is specifically configured to perform security evaluation on the industrial internet based on the threat detection result and the security situation. The advantage of this configuration is that the high-level attacks and unknown threats that are not detected by the threat detection module 120 can be further effectively discovered, so as to further improve the accuracy of the security assessment of the industrial internet.
Specifically, the threat detection module 120 sends the collected behavior data information to the situation awareness module 140, and the situation awareness module 140 performs correlation analysis on the behavior data information to mine unknown threats (which can be understood as threat behaviors that the threat detection module 120 did not detect). For example, advanced attacks such as 0day and APT, and unknown threats, can be effectively discovered, so as to determine the security situation in the industrial internet. For example, the behavior data information collected by the threat detection module 120 may be comprehensively analyzed with a pre-constructed intelligent security situation analysis model to determine the security situation in the industrial internet, where the intelligent security situation analysis model is a machine learning model built from a large amount of historical behavior data information. The situation awareness module 140 sends the determined security situation to the security assessment module 130, and the security assessment module 130 performs an accurate and comprehensive security assessment of the industrial internet according to the threat detection result and the security situation. Optionally, the situation awareness module 140 is further configured to determine an attack source of the industrial internet when the security situation of the industrial internet is determined to be an attacked state. Specifically, when the situation awareness module 140 performs correlation analysis on the behavior data information and determines that the security situation of the industrial internet is an attacked state, it further analyzes the behavior data information and determines the attack source.
Optionally, the threat detection module 120 may further send the threat detection result to the situation awareness module 140, and when the situation awareness module 140 determines that the industrial internet has a security threat according to the threat detection result, perform threat early warning to remind a manager that the industrial internet has a security threat as soon as possible, so that the security of the industrial internet can be protected as much as possible.
As shown in fig. 2, the system further includes an automated response module 150; the automated response module 150 is configured to determine a security defense policy based on the threat detection result and the security situation in the industrial internet, and send the security defense policy to the industrial internet, so that the industrial internet performs a security response based on the security defense policy. The advantage of this arrangement is that it ensures the safe operation of the industrial internet, achieves continuous automated response for industrial internet security operations, and greatly improves the efficiency of security operations.
Specifically, the automated response module 150 receives the threat detection result sent by the threat detection module 120 and the security situation of the industrial internet sent by the situation awareness module 140, and determines a security defense policy according to both, where the security defense policy can be understood as a security defense method automatically tailored to different threat detection results and security situations. The automated response module 150 sends the security defense policy to the industrial internet so that the industrial internet performs a security response based on it. Optionally, the automated response module 150 may also rely on SOAR security orchestration and automated response capabilities to quickly isolate, clean and harden the protected industrial internet based on complete and accurate forensic information, so as to ensure the safe operation of the whole network and its services, achieve continuous automated response for security operations, and greatly improve their efficiency. Optionally, the automated response module 150 may further send the security defense policy to other security protection and control devices, so that those devices block attack data from accessing the industrial internet by reinjection, and may also work together with security devices such as firewalls to implement access control based on the security defense policy, preventing the security risk to the industrial internet from spreading further. The automated response module 150 can also harden and repair hosts in the industrial internet that have been attacked.
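A rule-based sketch of the situation awareness and automated response steps described above, as an added example that is not part of the patent. It stands in for the machine learning model the text mentions with one assumed correlation rule (a source seen on the twin taints its production traffic inside a time window); the `on_twin` flag, the 60-minute window, the action names and the records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: the description's behavior data fields plus an
# assumed "on_twin" flag set by the probe that captured the record.
RECORDS = [
    {"time": "2021-07-08T02:00:00", "type": "modbus_read", "hazard": 0,
     "src_ip": "10.0.1.10", "src_port": 49152,
     "dst_ip": "10.0.2.20", "dst_port": 502, "on_twin": False},
    {"time": "2021-07-08T02:10:00", "type": "file_drop", "hazard": 3,
     "src_ip": "10.0.1.77", "src_port": 40001,
     "dst_ip": "10.0.9.20", "dst_port": 21, "on_twin": True},
    # Looks like an ordinary web request, so signature matching alone
    # would not flag it; correlation with the twin hit does.
    {"time": "2021-07-08T02:25:00", "type": "http_get", "hazard": 0,
     "src_ip": "10.0.1.77", "src_port": 40002,
     "dst_ip": "10.0.3.5", "dst_port": 80, "on_twin": False},
    # Same source, but hours later: outside the correlation window.
    {"time": "2021-07-08T09:00:00", "type": "http_get", "hazard": 0,
     "src_ip": "10.0.1.77", "src_port": 40003,
     "dst_ip": "10.0.3.6", "dst_port": 80, "on_twin": False},
]


def correlate(records, window_minutes=60):
    """Return the security situation and, if attacked, the attack sources.

    Each attack source maps to the production hosts it contacted within
    the window around its first appearance on the digital twin.
    """
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec["src_ip"]].append(rec)

    sources = {}
    for src, recs in by_src.items():
        twin_times = [datetime.fromisoformat(r["time"])
                      for r in recs if r["on_twin"]]
        if not twin_times:
            continue  # never touched the twin: not an attack source here
        first_hit = min(twin_times)
        sources[src] = sorted({
            r["dst_ip"] for r in recs
            if not r["on_twin"]
            and abs(datetime.fromisoformat(r["time"]) - first_hit) <= window
        })
    state = "attacked" if sources else "normal"
    return {"state": state, "attack_sources": sources}


def defense_policy(threat_types, situation):
    """Build an ordered action list from detection result and situation."""
    if situation["state"] != "attacked":
        return []
    policy = []
    for src, hosts in sorted(situation["attack_sources"].items()):
        # Access control enforced together with a firewall.
        policy.append({"action": "block_source", "target": src,
                       "enforce_on": "firewall"})
        for host in hosts:
            policy.append({"action": "isolate_host", "target": host})
            if "malicious program" in threat_types:
                policy.append({"action": "clean_host", "target": host})
            policy.append({"action": "harden_host", "target": host})
    return policy


if __name__ == "__main__":
    situation = correlate(RECORDS)
    print(situation)
    for step in defense_policy(["malicious program"], situation):
        print(step)
```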
As shown in fig. 2, the system further includes: a visual interface presentation module 160; the visual interface presentation module 160 is configured to display the behavior data information, the threat detection result, and the security situation on a visual interface. Specifically, in the embodiment of the present invention, the visual interface presentation module 160 may display the behavior data information, the threat detection result, and the security situation on the visual interface in a preset manner. Optionally, information such as the operating state of the industrial digital twin, security event count analysis, time-trend analysis, event type distribution, event detail queries and attack source information can be displayed on the visual interface, so that a security technician can make a comprehensive judgment based on the alarm-related information and start a disposal response.
Fig. 3 is a block diagram of another security assessment system for industrial internet according to an embodiment of the present invention, which can be understood with reference to the above embodiment, and is not described herein again.
Fig. 4 is a flowchart of a security evaluation method for the industrial internet according to this embodiment. As shown in fig. 4, the method includes the steps of:
Step 410: perform digital simulation on the industrial internet system based on digital twin technology to construct an industrial digital twin.
Step 420: acquire behavior data information of the industrial internet and the industrial digital twin, perform threat detection on the industrial internet based on the behavior data information, and determine a threat detection result.
Step 430: perform security assessment on the industrial internet based on the threat detection result.
The security assessment method for the industrial internet provided by the embodiment of the invention constructs a digital twin corresponding to the industrial internet entity based on digital twin technology, and assesses the security of the industrial internet based on the behavior data information of the digital twin and of the industrial internet. It can improve the speed and accuracy of the security assessment while greatly reducing cost investment.
Optionally, before performing security assessment on the industrial internet based on the threat detection result, the method further includes:
performing correlation analysis on the behavior data information to determine the security situation in the industrial internet.
Correspondingly, performing security assessment on the industrial internet based on the threat detection result includes:
performing security assessment on the industrial internet based on the threat detection result and the security situation.
Optionally, the method further includes:
determining a security defense strategy based on the threat detection result and the security situation in the industrial internet, and sending the security defense strategy to the industrial internet so that the industrial internet performs a security response based on the security defense strategy.
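As an added illustration (not part of the patent text and not the applicant's implementation), the following Python example shows one way the correlation analysis and attack-source determination could run over records carrying the behavior data fields the page lists. The `origin` tag, the 1 to 5 hazard scale, the five-minute window, the score weighting and the `attacked_at` threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BehaviorRecord:   # fields per the behavior data information list
    time: datetime      # generation time
    kind: str           # behavior data type
    hazard: int         # hazard level; assumed scale 1 (low) to 5 (high)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    origin: str         # assumed tag: "network" (live system) or "twin"

def correlate(records, window=timedelta(minutes=5), hazard_floor=3):
    """Score per source: windowed hazard sum x distinct targets x origins (assumed weighting)."""
    by_src = defaultdict(list)
    for r in records:
        if r.hazard >= hazard_floor:
            by_src[r.src_ip].append(r)
    scores = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r.time)
        best, start = 0, 0
        for end in range(len(recs)):
            while recs[end].time - recs[start].time > window:
                start += 1
            span = recs[start:end + 1]
            spread = len({(r.dst_ip, r.dst_port) for r in span}) * len({r.origin for r in span})
            best = max(best, sum(r.hazard for r in span) * spread)
        scores[src] = best
    return scores

def assess(records, attacked_at=20):   # attacked_at is an assumed threshold
    scores = correlate(records)
    src = max(scores, key=scores.get, default=None)
    score = scores.get(src, 0)
    posture = "attacked" if score >= attacked_at else "suspicious" if scores else "normal"
    return {"posture": posture, "attack_source": src if posture == "attacked" else None, "score": score}

T0, S = datetime(2021, 7, 8, 10, 0), timedelta(seconds=1)
SAMPLE = [  # constructed records; addresses are documentation ranges
    BehaviorRecord(T0, "port_scan", 3, "203.0.113.7", 40001, "192.0.2.10", 502, "network"),
    BehaviorRecord(T0 + 10 * S, "heartbeat", 1, "192.0.2.30", 1024, "192.0.2.10", 502, "network"),
    BehaviorRecord(T0 + 30 * S, "login_failure", 3, "198.51.100.4", 51000, "192.0.2.20", 22, "network"),
    BehaviorRecord(T0 + 60 * S, "modbus_write", 4, "203.0.113.7", 40002, "192.0.2.10", 502, "twin"),
    BehaviorRecord(T0 + 120 * S, "modbus_write", 4, "203.0.113.7", 40003, "192.0.2.11", 502, "network"),
    BehaviorRecord(T0 + 3600 * S, "login_failure", 3, "198.51.100.4", 51001, "192.0.2.20", 22, "network"),
]
```

The attack source is reported only when the situation is judged attacked, matching the condition under which the situation awareness module determines it.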
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. Those skilled in the art will understand that the present invention is not limited to the particular embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in detail through the above embodiments, it is not limited to the above embodiments and may include other equivalent embodiments without departing from the spirit of the present invention; the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A security assessment system for the industrial internet, comprising: a digital simulation module, a threat detection module and a security assessment module;
the digital simulation module is used for performing digital simulation on the industrial internet system based on digital twin technology to construct an industrial digital twin;
the threat detection module is used for acquiring behavior data information of the industrial internet and the industrial digital twin, performing threat detection on the industrial internet based on the behavior data information, and sending a threat detection result to the security assessment module;
the security assessment module is used for performing security assessment on the industrial internet based on the threat detection result.
2. The system of claim 1, further comprising: a situation awareness module;
the situation awareness module is used for acquiring the behavior data information sent by the threat detection module, performing correlation analysis on the behavior data information, determining the security situation in the industrial internet, and sending the security situation to the security assessment module;
the security assessment module is specifically configured to perform security assessment on the industrial internet based on the threat detection result and the security situation.
3. The system of claim 2, wherein the situation awareness module is further configured to: determine an attack source of the industrial internet when the security situation of the industrial internet is determined to be an attacked state.
4. The system of claim 2, further comprising: an automated response module;
the automated response module is used for determining a security defense strategy based on the threat detection result and the security situation in the industrial internet and sending the security defense strategy to the industrial internet so that the industrial internet performs a security response based on the security defense strategy.
5. The system of claim 4, further comprising: a visual interface presentation module;
the visual interface presentation module is used for displaying the behavior data information, the threat detection result and the security situation on a visual interface.
6. The system of claim 1, wherein the digital simulation module is specifically configured to: perform digital simulation on an IT domain, an OT domain and vulnerabilities in the industrial internet system based on digital twin technology to construct an industrial digital twin.
7. The system of any of claims 1-6, wherein the behavior data information comprises: behavior data generation time, behavior data type, behavior data hazard level, source IP address, source port, destination IP address, and destination port.
8. A security assessment method for the industrial internet, comprising the following steps:
performing digital simulation on an industrial internet system based on digital twin technology to construct an industrial digital twin;
acquiring behavior data information of the industrial internet and the industrial digital twin, performing threat detection on the industrial internet based on the behavior data information, and determining a threat detection result;
performing security assessment on the industrial internet based on the threat detection result.
9. The method of claim 8, further comprising, prior to the security assessment of the industrial internet based on the threat detection result:
performing correlation analysis on the behavior data information to determine the security situation in the industrial internet;
correspondingly, the security assessment of the industrial internet based on the threat detection result comprises:
performing security assessment on the industrial internet based on the threat detection result and the security situation.
10. The method of claim 9, further comprising: determining a security defense strategy based on the threat detection result and the security situation in the industrial internet, and sending the security defense strategy to the industrial internet so that the industrial internet performs a security response based on the security defense strategy.
CN202110771846.5A 2021-07-08 2021-07-08 Safety evaluation system and method for industrial internet Pending CN113489728A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110771846.5A CN113489728A (en) 2021-07-08 2021-07-08 Safety evaluation system and method for industrial internet


Publications (1)

Publication Number Publication Date
CN113489728A true CN113489728A (en) 2021-10-08

Family

ID=77937931

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110771846.5A Pending CN113489728A (en) 2021-07-08 2021-07-08 Safety evaluation system and method for industrial internet

Country Status (1)

Country Link
CN (1) CN113489728A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination