CN113965921A - Network security emergency response method and response system for power system - Google Patents


Info

Publication number: CN113965921A
Authority: CN (China)
Prior art keywords: data, safety, network, emergency plan, emergency
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111109275.5A
Other languages: Chinese (zh)
Inventors: 冯国聪, 王健, 付志博, 刘家豪, 陈锋, 舒首衡
Current Assignee: Shanghai Jiaweisi Information Technology Co ltd; Southern Power Grid Digital Grid Research Institute Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Jiaweisi Information Technology Co ltd; Southern Power Grid Digital Grid Research Institute Co Ltd
Application filed by: Shanghai Jiaweisi Information Technology Co ltd, Southern Power Grid Digital Grid Research Institute Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90: Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Emergency Management (AREA)
  • Environmental & Geological Engineering (AREA)
  • Public Health (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Supply And Distribution Of Alternating Current (AREA)

Abstract

The invention relates to a power system network security emergency response method and response system. The response system used by the method comprises a data monitoring module, a security situation assessment module, a security emergency plan module and a power system network security processing module, where the security situation assessment module covers equipment security assessment, data security assessment, content security assessment and behavior security assessment. The invention is well targeted and has a wide data acquisition range: it can collect, analyze and process network data comprehensively, has strong awareness capability, can react quickly and handle events according to different emergency plans, and summarizes experience after handling so as to avoid recurrence.

Description

Network security emergency response method and response system for power system
Technical Field
The invention belongs to the field of power system network security technology, and in particular relates to a power system network security emergency response method and its response system.
Background
A power system network security event is an illegal act that affects the network security of computer systems and the power system; such events generally unfold in a short time and cause huge losses. Emergency response for power system network security requires a clear understanding of the security state of the power system network, together with advance estimation and prepared emergency plans, so that when a sudden power system network security event occurs it can be dealt with in an orderly way and handled properly.
The power system network security emergency response system in China has been built on the original emergency response system and improved through a series of practices. The existing methods for dealing with power system network security events are cumbersome, increase the troubleshooting burden on security operation and maintenance personnel, and do not respond quickly enough. In addition, some power system network security events recur because experience is not effectively absorbed after an event has occurred. It is therefore necessary and urgent to design a power system network security emergency response method that improves the level of effective estimation and accurate handling.
Disclosure of Invention
In view of the above, the present invention provides a power system network security emergency response method whose response system comprises a data monitoring module, a security situation assessment module, a security emergency plan module and a power system network security processing module, the security situation assessment module comprising equipment security assessment, data security assessment, content security assessment and behavior security assessment. On this basis a response method is provided, comprising: monitoring power system network security events, performing situation assessment of the monitoring data, starting a security emergency plan, handling the power system network security event in a targeted manner according to the plan, and feeding back to the network information system and supplementing the security emergency plan. The invention is well targeted and has a wide data acquisition range; it can collect, analyze and process network data comprehensively, has strong awareness capability, can react quickly and handle events according to different emergency plans, and summarizes experience after handling is finished so as to avoid recurrence.
The invention provides a power system network security emergency response method, which comprises the following steps:
S1, monitoring power system network security events: data monitoring is carried out on the network security data of the power system, covering network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
S2, performing situation assessment of the monitoring data: the emergency response system configures the monitoring functions of the data monitoring module, including resource management, role management, user management, host configuration, link state monitoring and database mapping configuration; the monitoring host monitors the database, including CPU usage, disk space capacity and data backup; while monitoring, the monitoring host also performs routine management and performance optimization of the data, evaluates the data comprehensively and responds to data security problems in time; situation assessment is performed at multiple levels and from multiple angles, covering service security, data security, infrastructure security and the overall security state of the network, and data that poses a security threat to the network is assessed using a situation assessment method;
the situation assessment comprises four assessment levels, namely an equipment security level, a data security level, a content security level and a behavior security level;
S3, starting a security emergency plan: for the different types of power system network security threats, relating to computers, information systems, the Internet, private networks and intranets, the corresponding security emergency plans are started, comprising a first security emergency plan and a second security emergency plan;
S4, handling the power system network security event in a targeted manner according to the plan: after start-up, the power system network security event is handled in a targeted manner; a sudden power system network security event requires the problematic strategies to be shut down in the shortest possible time, so the administrator can quickly manage and control the strategies in the system at any time and from any place;
S5, feeding back to the network information system and supplementing the security emergency plan: after the power system network security event has been handled, the network information system is rebuilt, the event is traced back, its cause is determined, a corresponding solution is worked out, and the solution is added to the corresponding security emergency plan to enrich it.
Further, in step S3, the first security emergency plan is labeled by means of a labeling client: a preset emergency plan knowledge element model and the object to be labeled are fed back to the labeling client as reference standards, a labeling user labels the object to be labeled according to the reference standards provided by the labeling client, and after labeling is completed the labeling result is fed back to the server through the labeling client. For the second security emergency plan, an initial labeling model is trained on a training data set to obtain a trained labeling model, and the split emergency plan text is labeled by the trained labeling model to obtain a labeling result. The training data set is obtained by feeding back the preset emergency plan knowledge element model and other split emergency plan texts to the labeling client, obtaining the corresponding labeling results after labeling is completed, and then combining each labeling result with its corresponding emergency plan text. The labeling result comprises the emergency plan knowledge elements in the split emergency plan text, the attributes of those knowledge elements and the relationships among them.
Further, in step S1, the data monitoring of the power system network security data is performed with a detection tool, and the elements affecting system security are detected, collected and obtained by an automatic detection device.
Further, the situation assessment method in step S2 includes an Endsley model for situation awareness, an OODA model for cyclic confrontation, a JDL model for data fusion, and an RPD model for hypothesis and reasoning.
The invention also provides a response system for the power system network security emergency response method, which comprises a data monitoring module, a security situation assessment module, a security emergency plan module and a power system network security processing module:
the data monitoring module comprises network structure data monitoring, network service data monitoring, vulnerability data monitoring, threat data monitoring, intrusion data monitoring and user abnormal data monitoring, and is used for broad monitoring of the power system network security data;
the security situation assessment module comprises equipment security assessment, data security assessment, content security assessment and behavior security assessment, and is used for situation assessment of the monitored data;
the security emergency plan module comprises a computer security emergency plan, an information system security emergency plan, an internet security emergency plan, a private network security emergency plan and an intranet security emergency plan, and is used for starting the corresponding security emergency plan for each type of power system network security threat;
the power system network security processing module comprises a targeted processing module, a network information reconstruction module and a security emergency plan supplement module, wherein the targeted processing module handles power system network security events in a targeted manner, and the network information reconstruction module and the security emergency plan supplement module respectively rebuild the network information system and enrich the security emergency plans after the power system network security event has been handled.
Preferably, the computer security emergency plan is an emergency plan preset for computers, protecting the hardware, software and data of the computer; the information system security emergency plan is an emergency plan preset for data security, ensuring the confidentiality, integrity and availability of information data; the internet security emergency plan is an emergency plan proposed for the confidentiality, integrity, availability, authenticity and controllability of information on the internet; the private network security emergency plan is an emergency plan proposed for a network of object service; the intranet security emergency plan is an emergency plan proposed for the set of security strategies and measures of an enterprise's internal network information system.
The features and beneficial effects of the invention are:
1. The power system network security emergency response method provided by the invention is well targeted and has a wide data acquisition range; it comprehensively collects network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data for subsequent awareness processing.
2. The power system network security emergency response method provided by the invention perceives and analyzes network data using an Endsley model for situation awareness, an OODA model for cyclic confrontation, a JDL model for data fusion and an RPD model for hypothesis and reasoning, so network data can be analyzed and processed comprehensively.
3. The power system network security emergency response system provided by the invention has strong awareness capability, reacts quickly to power system network security events and handles them according to different emergency plans, and summarizes experience into the emergency plans after handling, thereby avoiding heavy losses from the same or similar power system network security events.
Drawings
FIG. 1 is a schematic diagram of the power system network security emergency response method of the present invention;
FIG. 2 is a hierarchical composition diagram of the situation assessment of the present invention;
FIG. 3 is a composition diagram of the power system network security emergency response system of the present invention.
In the figures:
1 - data monitoring module; 11 - network structure data monitoring; 12 - network service data monitoring; 13 - vulnerability data monitoring; 14 - threat data monitoring; 15 - intrusion data monitoring; 16 - user abnormal data monitoring;
2 - security situation assessment module; 21 - equipment security assessment; 22 - data security assessment; 23 - content security assessment; 24 - behavior security assessment;
3 - security emergency plan module; 31 - computer security emergency plan; 32 - information system security emergency plan; 33 - internet security emergency plan; 34 - private network security emergency plan; 35 - intranet security emergency plan;
4 - power system network security processing module; 41 - targeted processing module; 42 - network information reconstruction module; 43 - security emergency plan supplement module.
Detailed Description
The technical content, structural features, objects and effects of the present invention are explained in detail below with reference to the accompanying drawings.
In the electric power field, protection of the power information system centers on the network system and the network-based production control system. As the security protection mechanism of the power information system is built and refined, protecting core information from intrusion by hackers, viruses and the like is a very important part of a sound mechanism. If an organized external group intrudes on the power information system network and the system can resist the intrusion effectively, adverse consequences can be avoided; after an intrusion, the core functions of the power information system can be protected quickly so that the power system does not run abnormally.
As shown in FIG. 3, the power system network security emergency response system provided by the invention includes a data monitoring module 1, a security situation assessment module 2, a security emergency plan module 3, and a power system network security processing module 4.
The data monitoring module 1 comprises network structure data monitoring 11, network service data monitoring 12, vulnerability data monitoring 13, threat data monitoring 14, intrusion data monitoring 15 and user abnormal data monitoring 16, and performs broad monitoring of the power system network security data.
The security situation assessment module 2 comprises equipment security assessment 21, data security assessment 22, content security assessment 23 and behavior security assessment 24, and performs situation assessment on the monitored data.
The security emergency plan module 3 comprises a computer security emergency plan 31, an information system security emergency plan 32, an internet security emergency plan 33, a private network security emergency plan 34 and an intranet security emergency plan 35, and starts the corresponding security emergency plan for each type of power system network security threat. The computer security emergency plan 31 is an emergency plan preset for computers, protecting the hardware, software and data of the computer; the information system security emergency plan 32 is an emergency plan preset for data security, ensuring the confidentiality, integrity and availability of information data; the internet security emergency plan 33 is an emergency plan proposed for the confidentiality, integrity, availability, authenticity and controllability of information on the internet; the private network security emergency plan 34 is an emergency plan proposed for a network of object service; the intranet security emergency plan 35 is an emergency plan proposed for the set of security strategies and measures of the enterprise intranet information system.
The power system network security processing module 4 comprises a targeted processing module 41, a network information reconstruction module 42 and a security emergency plan supplement module 43. The targeted processing module 41 handles power system network security events in a targeted manner, and the network information reconstruction module 42 and the security emergency plan supplement module 43 respectively rebuild the network information system and enrich the security emergency plans after the power system network security event has been handled.
As shown in FIG. 1, another aspect of the present invention provides a response method using the foregoing power system network security emergency response system, the method including the following steps:
S1, monitoring power system network security events: data monitoring is carried out on the network security data of the power system, covering network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data. The data monitoring of the power system network security data is performed with a detection tool, and the elements affecting system security are detected, collected and obtained by an automatic detection device.
S2, performing situation assessment of the monitoring data: the emergency response system configures the monitoring functions of the data monitoring module, including resource management, role management, user management, host configuration, link state monitoring and database mapping configuration; the monitoring host monitors the database, including CPU usage, disk space capacity and data backup; while monitoring, the monitoring host also performs routine management and performance optimization of the data, evaluates the data comprehensively and responds to data security problems in time; situation assessment is performed at multiple levels and from multiple angles, covering service security, data security, infrastructure security and the overall security state of the network, and data that poses a security threat to the network is assessed using a situation assessment method.
As shown in FIG. 2, the situation assessment is divided into four assessment levels: an equipment security level, a data security level, a content security level and a behavior security level. The situation assessment method includes an Endsley model for situation awareness, an OODA (observe, orient, decide, act) model for cyclic confrontation, a JDL (information fusion) model for data fusion, and an RPD (recognition-primed decision) model for hypothesis and reasoning. Network security situation awareness comprehensively analyzes the security information of the network and the application systems, judges from a global perspective whether the network is secure, and can effectively predict the future security state.
S3, starting a security emergency plan: for the different types of network security threats, relating to computers, information systems, the Internet, private networks and intranets, the corresponding security emergency plans are started; the security emergency plans comprise a first security emergency plan and a second security emergency plan.
The first security emergency plan is labeled manually by means of a labeling client: the reference standards, namely a preset emergency plan knowledge element model and the object to be labeled, are fed back to the labeling client, a labeling user labels the object to be labeled using the reference standards provided by the labeling client, and after manual labeling is completed the labeling result is fed back to the server through the labeling client. In this embodiment of the application, the preset emergency plan knowledge element model and the split emergency plan text are fed back to the labeling client so that the corresponding information can be labeled effectively.
For the second security emergency plan, an initial labeling model is trained on a training data set to obtain a trained labeling model, and the split emergency plan text is labeled by the trained labeling model to obtain a labeling result. The training data set is obtained by feeding back the preset emergency plan knowledge element model and other split emergency plan texts to the labeling client, obtaining the corresponding labeling results after manual labeling, and then combining each labeling result with its corresponding emergency plan text. The labeling result comprises the emergency plan knowledge elements in the split emergency plan text, the attributes of those knowledge elements and the relationships among them.
S4, handling the power system network security event in a targeted manner according to the plan: after start-up, the power system network security event is handled in a targeted manner; a sudden network security event requires the problematic strategies to be shut down in the shortest possible time, so the administrator can quickly manage and control the strategies in the system at any time and from any place.
S5, feeding back to the network information system and supplementing the security emergency plan: after the power system network security event has been handled, the network information system is rebuilt, the security event is traced back, its cause is determined, a corresponding solution is worked out, and the solution is added to the corresponding security emergency plan to enrich it.
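A minimal sketch of the S1 to S5 loop described above, added here as an illustration and not taken from the patent. The 0-10 severity scale, the trigger threshold, the event signatures and the reading of "strategies" as named items that can be switched off are all assumptions.

```python
from dataclasses import dataclass, field

# S1: the six kinds of monitored data listed in the description.
DATA_TYPES = frozenset({"network_structure", "network_service", "vulnerability",
                        "threat", "intrusion", "user_anomaly"})
# S2: the four assessment levels of FIG. 2.
LEVELS = ("equipment", "data", "content", "behavior")
# S3: the five plan domains of the security emergency plan module.
DOMAINS = ("computer", "information_system", "internet", "private_network", "intranet")


@dataclass(frozen=True)
class Event:
    data_type: str   # one of DATA_TYPES
    level: str       # one of LEVELS
    domain: str      # one of DOMAINS; selects the emergency plan
    signature: str   # constructed label for the kind of event
    severity: int    # 0-10, hypothetical scale
    strategy: str    # hypothetical name of the strategy the event came through


@dataclass
class Plan:
    domain: str
    solutions: dict = field(default_factory=dict)   # signature -> recorded solution


class ResponseSystem:
    def __init__(self, strategies, threshold=7):
        self.enabled = set(strategies)   # strategies currently in force
        self.threshold = threshold       # severity that starts a plan (assumption)
        self.plans = {d: Plan(d) for d in DOMAINS}

    def monitor(self, events):
        """S1: accept only events that fit the monitored categories."""
        for e in events:
            if (e.data_type not in DATA_TYPES or e.level not in LEVELS
                    or e.domain not in DOMAINS or not 0 <= e.severity <= 10):
                raise ValueError(f"unclassifiable event: {e}")
        return list(events)

    def assess(self, events):
        """S2: worst severity seen at each level, plus the overall worst."""
        situation = dict.fromkeys(LEVELS, 0)
        for e in events:
            situation[e.level] = max(situation[e.level], e.severity)
        situation["overall"] = max(situation[lvl] for lvl in LEVELS)
        return situation

    def respond(self, events):
        """S3 and S4: start the plan for each serious event and shut its strategy down."""
        events = self.monitor(events)
        situation = self.assess(events)
        actions = []
        for e in sorted(events, key=lambda ev: ev.severity, reverse=True):
            if e.severity < self.threshold:
                continue   # stays in the situation picture, no plan started
            plan = self.plans[e.domain]
            shut = e.strategy in self.enabled
            self.enabled.discard(e.strategy)
            actions.append({
                "plan": plan.domain,
                "signature": e.signature,
                "strategy_shut_down": e.strategy if shut else None,
                "known_solution": plan.solutions.get(e.signature),
            })
        return situation, actions

    def close_incident(self, domain, signature, root_cause, solution):
        """S5: record cause and solution in the plan so a repeat is recognised."""
        if domain not in self.plans:
            raise ValueError(f"no plan for domain {domain!r}")
        self.plans[domain].solutions[signature] = f"{root_cause} -> {solution}"


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    Event("intrusion", "behavior", "private_network",
          "vendor-vpn-bruteforce", 9, "vpn-allow-vendor"),
    Event("vulnerability", "equipment", "computer",
          "outdated-hmi-firmware", 3, "hmi-patch-window"),
]

if __name__ == "__main__":
    rs = ResponseSystem({"vpn-allow-vendor", "hmi-patch-window"})
    print(rs.respond(SAMPLE_EVENTS))
    rs.close_incident("private_network", "vendor-vpn-bruteforce",
                      "shared vendor password", "per-user certificates and lockout")
    print(rs.respond(SAMPLE_EVENTS))   # the repeat now carries the recorded solution
```

The second call shows the feedback step at work: the same signature returns the solution recorded in S5 instead of starting from nothing.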
The power system network security emergency response method is well targeted and has a wide data acquisition range; it comprehensively collects network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data for subsequent awareness processing. Network data is perceived and analyzed using the Endsley model for situation awareness, the OODA model for cyclic confrontation, the JDL model for data fusion and the RPD model for hypothesis and reasoning, so it can be analyzed and processed more comprehensively. The power system network security emergency response system has strong awareness capability, reacts quickly to power system network security events and handles them according to different emergency plans, and summarizes experience into the emergency plans after handling, so that heavy losses from the same or similar power system network security events are avoided.
The embodiments described above merely illustrate preferred embodiments of the present invention and do not limit its scope. Modifications and improvements made to the technical solution of the present invention by those skilled in the art without departing from the spirit of the present invention shall fall within the protection scope defined by the claims of the present invention.

Claims (6)

1. A power system network security emergency response method, characterized by comprising the following steps:
S1, monitoring power system network security events: data monitoring is carried out on the network security data of the power system, covering network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
S2, performing situation assessment of the monitoring data: the emergency response system configures the monitoring functions of the data monitoring module, including resource management, role management, user management, host configuration, link state monitoring and database mapping configuration; the monitoring host monitors the database, including CPU usage, disk space capacity and data backup; while monitoring, the monitoring host also performs routine management and performance optimization of the data, evaluates the data comprehensively and responds to data security problems in time; situation assessment is performed at multiple levels and from multiple angles, covering service security, data security, infrastructure security and the overall security state of the network, and data that poses a security threat to the network is assessed using a situation assessment method;
the situation assessment comprises four assessment levels, namely an equipment security level, a data security level, a content security level and a behavior security level;
S3, starting a security emergency plan: for the different types of network security threats, relating to computers, information systems, the Internet, private networks and intranets, the corresponding security emergency plans are started, comprising a first security emergency plan and a second security emergency plan;
S4, handling the power system network security event in a targeted manner according to the plan: after start-up, the power system network security event is handled in a targeted manner; a sudden power system network security event requires the problematic strategies to be shut down in the shortest possible time, so the administrator can quickly manage and control the strategies in the system at any time and from any place;
S5, feeding back to the network information system and supplementing the security emergency plan: after the power system network security event has been handled, the network information system is rebuilt, the event is traced back, its cause is determined, a corresponding solution is worked out, and the solution is added to the corresponding security emergency plan to enrich it.
2. The network security emergency response method of the power system according to claim 1, wherein in step S3, the first security emergency plan is labeled by means of a labeling client, a preset emergency plan knowledge element model and an object to be labeled are fed back to the labeling client as reference standards, a labeling user labels the object to be labeled according to the reference standards provided by the labeling client, and after the labeling is completed, a labeling result is fed back to the server through the labeling client; the second safety emergency plan trains an initial labeling model according to the training data set to obtain a trained labeling model, and labels the split emergency plan text through the trained labeling model to obtain a labeling result; the training data set feeds back a preset emergency plan knowledge element model and other split emergency plan texts to a labeling user side, after the labeling is completed, a corresponding labeling result is obtained, and then the labeling result and the corresponding emergency plan text are combined; the labeling result comprises emergency plan knowledge elements in the split emergency plan text, attributes of the emergency plan knowledge elements and relations among the emergency plan knowledge elements.
3. The electric power system network security emergency response method according to claim 1, wherein the data monitoring in step S1 is performed by monitoring electric power system network security data through a detection tool, and the elements affecting the system security are detected, collected and obtained through an automatic detection device.
4. The power system network security emergency response method according to claim 1, wherein the situation assessment method in step S2 includes an Endsley model for situation awareness, an OODA model for loop confrontation, a JDL model for data fusion, and an RPD model for hypothesis and reasoning.
5. A response system for the power system network security emergency response method according to one of claims 1 to 4, characterized in that it comprises a data monitoring module, a security situation assessment module, a security emergency plan module and a power system network security processing module,
the data monitoring module comprises network structure data monitoring, network service data monitoring, vulnerability data monitoring, threat data monitoring, intrusion data monitoring and user abnormal data monitoring, and is used for broadly monitoring the network security data of the power system;
the security situation assessment module comprises equipment security assessment, data security assessment, content security assessment and behavior security assessment, and is used for performing situation assessment on the monitored data;
the security emergency plan module comprises a computer security emergency plan, an information system security emergency plan, an internet security emergency plan, a private network security emergency plan and an intranet security emergency plan, and is used for starting the corresponding security emergency plan for each type of power system network security threat;
the power system network security processing module comprises a targeted processing module, a network information reconstruction module and a security emergency plan supplement module, wherein the targeted processing module is used for performing targeted processing on power system network security events, and the network information reconstruction module and the security emergency plan supplement module are used for reconstructing the network information system and for enriching and supplementing the security emergency plans after a power system network security event has been processed.
6. The response system of claim 5, wherein the computer security emergency plan is an emergency plan preset for a computer, for protecting the hardware, software and data of the computer; the information system security emergency plan is an emergency plan preset for data security, for ensuring the confidentiality, integrity and availability of information data; the internet security emergency plan is an emergency plan provided for the confidentiality, integrity, availability, authenticity and controllability of information on the internet; the private network security emergency plan is an emergency plan provided for a network of object service; the intranet security emergency plan is an emergency plan provided for the summary of a series of security strategies and measures of an enterprise internal network information system.
CN202111109275.5A 2021-09-22 2021-09-22 Network security emergency response method and response system for power system Pending CN113965921A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111109275.5A CN113965921A (en) 2021-09-22 2021-09-22 Network security emergency response method and response system for power system

Publications (1)

Publication Number Publication Date
CN113965921A (en) 2022-01-21

Family

ID=79461916

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111109275.5A Pending CN113965921A (en) 2021-09-22 2021-09-22 Network security emergency response method and response system for power system

Country Status (1)

Country Link
CN (1) CN113965921A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115296873A (en) * 2022-07-26 2022-11-04 北京科能腾达信息技术股份有限公司 Computer network safety controller, medium, equipment and terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110161930A (en) * 2019-06-05 2019-08-23 安徽三实信息技术服务有限公司 A kind of data monitoring system and its data monitoring method
CN111740974A (en) * 2020-06-16 2020-10-02 黑龙江省网络空间研究中心 Network security emergency linkage system and method
CN111740975A (en) * 2020-06-16 2020-10-02 黑龙江省网络空间研究中心 Network security situation awareness system and method
CN112836018A (en) * 2021-02-07 2021-05-25 北京联创众升科技有限公司 Method and device for processing emergency plan

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination