CN116132170A - Industrial control equipment safety prevention and control system - Google Patents

Industrial control equipment safety prevention and control system Download PDF

Info

Publication number
CN116132170A
CN116132170A CN202310119507.8A CN202310119507A CN116132170A CN 116132170 A CN116132170 A CN 116132170A CN 202310119507 A CN202310119507 A CN 202310119507A CN 116132170 A CN116132170 A CN 116132170A
Authority
CN
China
Prior art keywords
industrial control
flow
abnormal
list
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310119507.8A
Other languages
Chinese (zh)
Other versions
CN116132170B (en
Inventor
李峰
郭举
白彬
姜明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yuntian Safety Technology Co ltd
Original Assignee
Shandong Yuntian Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Yuntian Safety Technology Co ltd filed Critical Shandong Yuntian Safety Technology Co ltd
Priority to CN202310119507.8A priority Critical patent/CN116132170B/en
Publication of CN116132170A publication Critical patent/CN116132170A/en
Application granted granted Critical
Publication of CN116132170B publication Critical patent/CN116132170B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Safety Devices In Control Systems (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention relates to a safety prevention and control system of industrial control equipment, which comprises the following steps when the computer program is executed by a processor: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; as can be seen, the method simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be favorable for the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.

Description

Industrial control equipment safety prevention and control system
Technical Field
The invention relates to the technical field of industrial control equipment safety, in particular to a safety prevention and control system of industrial control equipment.
Background
With the development of industrial control systems, interconnection and interworking are a trend, but at the same time, higher requirements are also put on network security protection of the industrial control systems. The network security of the industrial control system has the inherent problems of old equipment and operating system, no security mechanism of communication protocol and the like, and is easy to suffer from network attack, thereby causing serious adverse effects such as equipment security, economic damage and the like; there is a need to make network security precautions for industrial control systems.
In the prior art, an initiator of abnormal flow sends the abnormal flow according to different times to avoid the safety prevention and control of industrial control equipment, thereby causing potential safety hazard of the industrial control equipment; therefore, how to determine the abnormal flow is a technical problem which needs to be solved by the person skilled in the art.
Disclosure of Invention
Aiming at the technical problems, the technical scheme adopted by the invention is that the industrial control equipment safety prevention and control system comprises: the industrial control flow information set corresponding to the target industrial control equipment, a processor and a memory storing a computer program, when the computer program is executed by the processor, the following steps are realized:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i And i= … … m, wherein m is the number of the first industrial control flow corresponding to the target industrial control equipment.
S120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
Figure BDA0004079536640000021
s140 of the process of the present invention, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 Is a preset duration threshold.
S160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j For the j-th first time period, j= … … n, n being the number of first time periods.
S180, determining abnormal flow corresponding to the target industrial control equipment according to the C.
Compared with the prior art, the invention has obvious advantages and beneficial effects. By means of the technical scheme, the industrial control equipment safety prevention and control system provided by the invention can achieve quite technical progress and practicality, has wide industrial utilization value, and has at least the following advantages:
the invention relates to a safety prevention and control system of industrial control equipment, which comprises the following steps when the computer program is executed by a processor: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; as can be seen, the method simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be favorable for the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention, as well as the preferred embodiments thereof, together with the following detailed description of the invention, given by way of illustration only, together with the accompanying drawings.
Drawings
FIG. 1 is a flowchart of a computer program executed by a security control system of an industrial control device according to a first embodiment of the present invention;
fig. 2 is a flowchart of an executing computer program of a safety prevention and control system of an industrial control device according to a second embodiment of the present invention;
fig. 3 is a flowchart of an executing computer program of a safety prevention and control system of an industrial control device according to a third embodiment of the present invention.
Detailed Description
In order to further describe the technical means and effects adopted by the present invention to achieve the preset purposes, the following detailed description refers to the specific implementation of a data processing system for monitoring abnormal flow and the effects thereof according to the present invention with reference to the accompanying drawings and the preferred embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
The first embodiment provides a safety prevention and control system for industrial control equipment, the system includes: the industrial control flow information set corresponding to the target industrial control device, the processor and the memory storing the computer program, when the computer program is executed by the processor, the following steps are realized, as shown in fig. 1:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i And i= … … m, wherein m is the number of the first industrial control flow corresponding to the target industrial control equipment.
Specifically, the target industrial control device is an industrial control device to be monitored, which is preset by a user, that is, the industrial control device is an industrial control computer.
Specifically, the industrial control flow information set includes industrial control flow information corresponding to a plurality of target industrial control devices, where each industrial control flow information includes an industrial control flow size corresponding to the target industrial control device and a transmission duration of the industrial control flow corresponding to the target industrial control device, which can be understood as: and the sum of the time length of the industrial control flow sent to the flow monitoring system and the time length of the feedback information received by the flow monitoring system.
Further, the first industrial control flow is an industrial control flow with a flow size difference between abnormal heartbeat packet sizes corresponding to the target industrial control equipment not larger than a preset flow size difference threshold value.
S120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
Figure BDA0004079536640000041
s140 of the process of the present invention, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 Is a preset duration threshold.
S160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j For the j-th first time period, j= … … n, n being the number of first time periods.
Specifically, C j =[C j1 ,C j2 ) Wherein C j1 Is C j Corresponding minimum value, C j2 Is C j Corresponding maximum value.
Further, C j2 And C (j-1)1 Equal.
Specifically, the step S140 further includes the following steps:
s1401, when |A '- ΔA' | > ΔA 0 ' at this time, a first critical duration interval ΔC is acquired 0 =[ΔC 0 1 ,ΔC 0 2 ]Wherein ΔC 0 1 For the minimum sum deltac of the first critical duration interval 0 2 Is the maximum value of the first critical duration interval.
Further, ΔC 0 1 Meets the following conditions:
ΔC 0 1 =min(A i ×m/∑ m i=1 A i )。
further, ΔC 0 2 Meets the following conditions:
ΔC 0 2 =max(A i ×m/∑ m i=1 A i )。
s1403 to DeltaC 0 Processing to generate delta C 0 Corresponding second key duration list C 0 ={C 0 1 ,……,C 0 y ,……,C 0 q },C 0 y For the y-th second key duration, y= … … q, q being the second key duration number.
Further, q meets the following conditions:
q=n-2。
further, C 0 y Meets the following conditions:
C 0 y =y×(ΔC 0 2 -ΔC 0 1 )/(n-2)。
s1405 according to DeltaC 0 1 、ΔC 0 2 And C 0 Obtaining a third key duration list C' = { deltaC 0 1 ,C 0 1 ,……,C 0 y ,……,C 0 q ,ΔC 0 2 }。
S1407, generating C according to the C'; it can be understood that: any two adjacent third critical time periods in the C' are constructed into a first time period.
Further, Δa' meets the following conditions:
Figure BDA0004079536640000051
wherein A is 0 α Alpha-th destination of list of abnormal heartbeat packets as destinationAnd (3) marking the transmission time length of the abnormal heartbeat packet, wherein alpha= … … β, and β is the number of the abnormal heartbeat packets in the abnormal heartbeat packet list.
Above-mentioned, through the maximum parameter value and the minimum parameter value of the transmission time of flow, confirm the duration interval of outflow, confirm the unusual flow according to the flow size change in duration interval to send according to different transmission time in order to avoid the unusual flow identification of the safety prevention and control of industrial control equipment, improved the security of industrial control equipment.
S180, determining abnormal flow corresponding to the target industrial control equipment according to the C.
Specifically, the step S180 further includes the following steps:
s1801, an initial flow size list Q= { Q corresponding to A is obtained 1 ,……,Q i ,……,Q m },Q i Is A i Corresponding initial flow size.
S1803, processing the initial flow corresponding to A according to each first time-length interval corresponding to C to obtain a key flow set Q corresponding to C 0 ={Q 0 1 ,……,Q 0 j ,……,Q 0 n },Q 0 j ={Q 0 j1 ,……,Q 0 jr ,……Q 0 js(j) },Q 0 jr Is C j The size of the r-th critical flow in the system, r= … … s (j), s (j) is C j Critical amount of traffic in.
S1805 according to Q 0 Acquiring Q 0 Corresponding flow difference DeltaQ 0 ={ΔQ 0 1 ,……,ΔQ 0 j ,……,ΔQ 0 n },ΔQ 0 j Is Q 0 j Corresponding flow differences.
Further, deltaQ 0 j Meets the following conditions:
Figure BDA0004079536640000061
s1807, when DeltaQ 0 j When < DeltaQ, deltaQ is determined 0 j The corresponding first industrial control flow is abnormal flow, wherein DeltaQ is a preset flow difference threshold.
S1809, when DeltaQ 0 j When the value is more than or equal to the delta Q, the delta Q is determined 0 j The corresponding first industrial control flow is non-abnormal flow.
The first embodiment provides a safety prevention and control system for an industrial control device, where the system includes an industrial control flow information set corresponding to a target industrial control device, a processor, and a memory storing a computer program, where when the computer program is executed by the processor, the following steps are implemented: acquiring a first flow time list from the industrial control flow information set, and acquiring a first transmission duration parameter corresponding to the first flow time list according to the first flow time list so as to determine abnormal flow according to the first transmission duration parameter; according to the method, the abnormal flow can be determined according to the transmission time of the flow, and then the abnormal flow which is transmitted according to different transmission times to avoid the safety control of the industrial control equipment is identified, so that the safety of the industrial control equipment is improved.
Example two
The second embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by the processor, the system further implements the following steps, as shown in fig. 2:
s200, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring the second industrial control flow list and B= { B in a preset time period T 1 ,……,B x ,……,B p Second transmission time length list B corresponding to B 0 ={B 0 1 ,……,B 0 x ,……,B 0 p }, wherein B is x For the xth second industrial control flow, B 0 x Is B x And corresponding second transmission duration, wherein x= … … p, and p is the second industrial control flow quantity.
Specifically, the method for determining the abnormal flow in step S200 may refer to steps S100 to S180 in the first embodiment, and will not be described herein.
Specifically, the second industrial control flow is the industrial control flow which is consistent with the preset abnormal heartbeat packet in size.
Specifically, the second transmission duration is a transmission duration corresponding to the second industrial control flow.
S220, according to B 0 And determining a first abnormal flow setting measure so that an abnormal heartbeat packet identification measure is generated based on the first abnormal flow setting measure.
Specifically, the step S220 further includes the following steps:
s2201, according to B 0 Acquisition of B 0 Corresponding intermediate duration interval list d= { D 1 ,……,D v ,……,D w },D v =[D v1 ,D v2 ),D v1 Is B 0 The lower limit value D of the corresponding v-th middle duration interval v2 Is B 0 The upper limit value of the corresponding v-th middle duration interval; it can be understood that: b (B) 0 The adjacent two second transmission time periods are constructed into any middle time period, wherein v= … … w, w is B 0 Corresponding number of intermediate duration intervals.
S2203 according to B 0 Acquisition of B 0 Corresponding first intermediate transmission duration set D 0 ={D 0 1 ,……,D 0 v ,……,D 0 w },D 0 v For D v A corresponding first list of intermediate transmission durations.
Further, the first intermediate transmission duration number λ in each first intermediate transmission duration list, where λ meets the following condition:
λ=T/T 0 ×p,T 0 and presetting transmission time length for the abnormal heartbeat packet.
Further, in step S2203, the method further includes the following steps:
s10, acquiring an intermediate time difference delta B corresponding to B according to the B, wherein the delta B meets the following conditions:
ΔB=(∑ n x=1 (B 0 x- B 0 x-1 ))/(x-1)。
s30, when |D v2 -D v1 When the I is less than or equal to delta B, generating
Figure BDA0004079536640000071
Figure BDA0004079536640000072
Figure BDA0004079536640000073
For D 0 v η= … … λ.
Further, the method comprises the steps of,
Figure BDA0004079536640000081
s50, when |D v2 -D v1 When I > DeltaB, generate
Figure BDA0004079536640000082
Figure BDA0004079536640000083
Figure BDA0004079536640000084
For D 0 v η= … … λ.
Further, the method comprises the steps of,
Figure BDA0004079536640000085
s2205, D 0 v Inserted into D v In (1) generating D v And a corresponding second intermediate transmission duration list.
S2207, the transmission time of the abnormal heartbeat packet is set according to each D v Setting a corresponding second intermediate transmission duration list to generate a first abnormal flow setting measure so as to enable the first abnormal flow to be based onSetting measures, and generating abnormal heartbeat packet identification measures; the abnormal heartbeat packet recognition measures are set by the person skilled in the art according to actual requirements, and are not described herein.
The second embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by a processor, the system further implements the following steps: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring a second industrial control flow list in a preset time period, and determining a first abnormal flow setting measure according to the second industrial control flow list so as to generate an abnormal heartbeat packet identification measure based on the first abnormal flow setting measure; as can be seen, the method simulates the change rule of setting different transmission time lengths according to the second industrial control flow list so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, and is beneficial to the design and upgrading of the safety prevention and control system of the industrial control equipment, so that the safety of the industrial control equipment is improved.
Example III
The third embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by the processor, the system further implements the following steps, as shown in fig. 3:
s300, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set U= { U 1 ,……,U g ,……,U z },U g ={U g1 ,……,U ga ,……,U gk(g) },U gv For the a-th industrial control flow in the g-th industrial control flow list, g= … … z, z is the number of target flow lists, a= … … k (g), and k (g) is the number of industrial control flows in the g-th industrial control flow list and k (g) is not less than 2.
Specifically, the method for determining the abnormal flow in the step S300 may refer to the steps S100 to S180 in the first embodiment, and will not be described herein.
Specifically, in step S300, the industrial control flow may refer to the industrial control flow in the first embodiment, which is not described herein.
S320, determining a second abnormal flow setting measure according to the U, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
Specifically, the step S320 further includes the following steps:
s3201, acquiring a transmission time length list T= { T corresponding to U 1 ,……,T g ,……,T z },T g ={T g1 ,……,T ga ,……,T gk(g) },T ga Is U (U) ga Corresponding transmission duration.
Specifically, in step S3201, the transmission duration corresponding to the industrial control flow may refer to the transmission duration corresponding to the industrial control flow in the first embodiment, which is not described herein.
S3202, according to T, obtaining a target time interval set delta T= { delta T corresponding to T 1 ,……,
ΔT g ,……,ΔT z },ΔT g ={ΔT g1 ,……,ΔT gb ,……,ΔT gh },ΔT gb
Is T g The b-th target time interval in the corresponding target time interval list, b= … … h, where h is the target time interval.
Specifically, at T g Any target time interval in the corresponding target time interval list is adjacent U ga The time interval between corresponding transmission durations.
Specifically, h meets the following conditions:
h=k(g)-1。
s3203, according to the DeltaT, obtaining a target time difference list DeltaT corresponding to the DeltaT 0 ={ΔT 0 1 ,……,ΔT 0 g ,……,ΔT 0 z },ΔT 0 g Is delta T g A corresponding first target time parameter.
Specifically, deltaT 0 g Meets the following conditions:
Figure BDA0004079536640000091
wherein T is 0 Pre-preparation for abnormal heartbeat packageAnd setting the transmission time length.
S3204 according to DeltaT 0 Obtaining DeltaT 0 A corresponding second target time parameter deltat'.
Further, Δt' meets the following conditions:
Figure BDA0004079536640000092
s3205, when DeltaT' > DeltaG, obtaining a first intermediate industrial control flow set U 0 ={U 0 1 ,……,U 0 e ,……,U 0 f },U 0 e For the first intermediate industrial control flow list, e= … … f, f is the number of the first intermediate industrial control flow list; it can be understood that: the first intermediate industrial control flow list is an industrial control flow list when deltat' > deltag, wherein deltag is a preset time parameter threshold.
S3206, from U 0 And acquiring a first intermediate industrial control flow list which is used as a second intermediate industrial control flow list when the number of the first intermediate industrial control flows in any first intermediate industrial control flow list, which is consistent with the size of the abnormal heartbeat packet, is not smaller than a preset flow number threshold value.
S3207, according to the second intermediate industrial control flow list, setting the transmission time length of the abnormal heartbeat packet as a second abnormal flow setting measure, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure; the abnormal heartbeat packet recognition measures are set by the person skilled in the art according to actual requirements, and are not described herein.
Specifically, the step S3207 further includes the following steps:
s1, the maximum time interval delta U in any one of the second intermediate industrial control flow lists is calculated 0 max And a minimum time interval DeltaU 0 min
S3, when any one of the second intermediate industrial control flow lists corresponds to the key time interval difference delta U 0 When the maximum key time interval difference is reached, setting the transmission time length of the target abnormal flow and delta U 0 Corresponding saidAnd the transmission duration of the second intermediate industrial control flow list is consistent.
Further, deltaU 0 Meets the following conditions:
ΔU 0 =(ΔU 0 max- ΔU 0 min )。
the third embodiment provides a safety prevention and control system for an industrial control device, where when the computer program is executed by a processor, the system further implements the following steps: when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set, and determining a second abnormal flow setting measure according to the industrial control flow information set so as to generate an abnormal heartbeat packet identification measure based on the second abnormal flow setting measure; as can be seen, the method simulates the change rule of the normal flow similar to the abnormal flow according to the industrial control flow information set, and sets the abnormal flow according to the change rule of the transmission time length of the normal flow, so as to avoid the strategy of the safety prevention and control system of the industrial control equipment, be favorable for the design and upgrading of the safety prevention and control system of the industrial control equipment, and further improve the safety of the industrial control equipment.
The present invention is not limited to the above-mentioned embodiments, but is intended to be limited to the following embodiments, and any modifications, equivalents and modifications can be made to the above-mentioned embodiments without departing from the scope of the invention.

Claims (9)

1. An industrial control device safety prevention and control system, the system comprising: the industrial control flow information set corresponding to the target industrial control equipment, a processor and a memory storing a computer program, when the computer program is executed by the processor, the following steps are realized:
s300, when a certain industrial control flow of the target industrial control equipment is abnormal flow, acquiring an industrial control flow information set U= { U 1 ,……,U g ,……,U z },U g ={U g1 ,……,U ga ,……,U gk(g) },U gv For the a-th industrial control flow in the g-th industrial control flow list, g= … … z, z is the number of target flow lists, a= … … k (g), k (g) is the number of industrial control flows in the g-th industrial control flow list, and k (g) is not less than 2;
s320, determining a second abnormal flow setting measure according to the U, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
2. The industrial control device safety prevention and control system according to claim 1, wherein the target industrial control device is an industrial control device to be monitored, which is preset by a user.
3. The industrial control device safety prevention and control system according to claim 1, wherein the industrial control flow information set comprises industrial control flow information corresponding to a plurality of target industrial control devices, and each industrial control flow information comprises an industrial control flow corresponding to the target industrial control device and a transmission duration of the industrial control flow corresponding to the target industrial control device.
4. The industrial control device safety prevention and control system of claim 1, further comprising, prior to step S300:
s100, acquiring a first flow time list A= { A from the industrial control flow information set 1 ,……,A i ,……,A m },A i For the time of the ith first industrial control flow, i= … … m, and m is the first industrial control flow quantity corresponding to the target industrial control equipment;
s120, acquiring a first transmission duration parameter A 'corresponding to A according to A, wherein A' meets the following conditions:
Figure FDA0004079536590000011
s140 of the process of the present invention, when the absolute value of A '-delta A' is less than or equal to delta A 0 When the first industrial control flow is determined to be abnormal flow, delta A 0 A preset duration threshold value;
s160, when |A '-DeltaA' | > DeltaA 0 In this case, the first time period list c= { C is acquired 1 ,……,C j ,……,C n },C j J= … … n for the j-th first time period, n being the number of first time periods;
s180, determining abnormal flow corresponding to the target industrial control equipment according to the C.
5. The industrial control device safety prevention and control system according to claim 4, wherein in step S160, C j =[C j1 ,C j2 ) Wherein C j1 Is C j Corresponding minimum value, C j2 Is C j Corresponding maximum value.
6. The industrial control device safety prevention and control system of claim 5, wherein C j2 And C (j-1)1 Equal.
7. The industrial control device safety prevention and control system of claim 4, further comprising the steps of:
s1801, an initial flow size list Q= { Q corresponding to A is obtained 1 ,……,Q i ,……,Q m },Q i Is A i Corresponding initial flow size;
s1803, processing the initial flow corresponding to A according to each first time-length interval corresponding to C to obtain a key flow set Q corresponding to C 0 ={Q 0 1 ,……,Q 0 j ,……,Q 0 n },Q 0 j ={Q 0 j1 ,……,Q 0 jr ,……Q 0 js(j) },Q 0 jr Is C j The size of the r-th critical flow in the system, r= … … s (j), s (j) is C j Critical flow amount in;
s1805 according to Q 0 Acquiring Q 0 Corresponding flow difference DeltaQ 0 ={ΔQ 0 1 ,……,ΔQ 0 j ,……,ΔQ 0 n },ΔQ 0 j Is Q 0 j Corresponding flow differences;
s1807, when DeltaQ 0 j When < DeltaQ, deltaQ is determined 0 j The corresponding first industrial control flow is abnormal flow, wherein DeltaQ is a preset flow difference threshold;
s1809, when DeltaQ 0 j When the value is more than or equal to the delta Q, the delta Q is determined 0 j The corresponding first industrial control flow is non-abnormal flow.
8. The industrial control device safety prevention and control system of claim 7, wherein Δq 0 j Meets the following conditions:
Figure FDA0004079536590000031
9. the industrial control device safety prevention and control system of claim 1, further comprising the steps of:
s3201, acquiring a transmission time length list T= { T corresponding to U 1 ,……,T g ,……,T z },T g ={T g1 ,……,T ga ,……,T gk(g) },T ga Is U (U) ga Corresponding transmission time length;
s3202, according to T, obtaining a target time interval set delta T= { delta T corresponding to T 1 ,……,ΔT g ,……,ΔT z },ΔT g ={ΔT g1 ,……,ΔT gb ,……,ΔT gh },ΔT gb Is T g The corresponding destination time interval listb target time intervals, b= … … h, h being the target time interval;
s3203, according to the DeltaT, obtaining a target time difference list DeltaT corresponding to the DeltaT 0 ={ΔT 0 1 ,……,ΔT 0 g ,……,ΔT 0 z },ΔT 0 g Is delta T g A corresponding first target time parameter;
s3204 according to DeltaT 0 Obtaining DeltaT 0 A corresponding second target time parameter Δt ', wherein Δt' meets the following conditions:
Figure FDA0004079536590000032
s3205, when DeltaT' > DeltaG, obtaining a first intermediate industrial control flow set U 0 ={U 0 1 ,……,U 0 e ,……,U 0 f },U 0 e For the first intermediate industrial control flow list, e= … … f, f is the number of the first intermediate industrial control flow list, where Δg is a preset time parameter threshold; .
S3206, from U 0 And acquiring a first intermediate industrial control flow list which is used as a second intermediate industrial control flow list when the number of the first intermediate industrial control flows in any first intermediate industrial control flow list, which is consistent with the size of the abnormal heartbeat packet, is not smaller than a preset flow number threshold value.
S3207, according to the second intermediate industrial control flow list, setting the transmission duration of the abnormal heartbeat packet as a second abnormal flow setting measure, so that an abnormal heartbeat packet identification measure is generated based on the second abnormal flow setting measure.
CN202310119507.8A 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system Active CN116132170B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310119507.8A CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310119507.8A CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Publications (2)

Publication Number Publication Date
CN116132170A true CN116132170A (en) 2023-05-16
CN116132170B CN116132170B (en) 2023-09-29

Family

ID=86297167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310119507.8A Active CN116132170B (en) 2023-02-13 2023-02-13 Industrial control equipment safety prevention and control system

Country Status (1)

Country Link
CN (1) CN116132170B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110519290A (en) * 2019-09-03 2019-11-29 南京中孚信息技术有限公司 Anomalous traffic detection method, device and electronic equipment
CN110784458A (en) * 2019-10-21 2020-02-11 新华三信息安全技术有限公司 Flow abnormity detection method and device and network equipment
CN112165471A (en) * 2020-09-22 2021-01-01 杭州安恒信息技术股份有限公司 Industrial control system flow abnormity detection method, device, equipment and medium
CN113992396A (en) * 2021-10-26 2022-01-28 深信服科技股份有限公司 Flow detection method and device, electronic equipment and storage medium
CN114157516A (en) * 2022-02-09 2022-03-08 北京搜狐新媒体信息技术有限公司 Flow detection method and device, electronic equipment and computer storage medium
WO2022139642A1 (en) * 2020-12-22 2022-06-30 Telefonaktiebolaget Lm Ericsson (Publ) Device, method, and system for supporting botnet traffic detection
CN114944957A (en) * 2022-06-06 2022-08-26 山东云天安全技术有限公司 Abnormal data detection method and device, computer equipment and storage medium
CN115001853A (en) * 2022-07-18 2022-09-02 山东云天安全技术有限公司 Abnormal data identification method and device, storage medium and computer equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110519290A (en) * 2019-09-03 2019-11-29 南京中孚信息技术有限公司 Anomalous traffic detection method, device and electronic equipment
CN110784458A (en) * 2019-10-21 2020-02-11 新华三信息安全技术有限公司 Flow abnormity detection method and device and network equipment
CN112165471A (en) * 2020-09-22 2021-01-01 杭州安恒信息技术股份有限公司 Industrial control system flow abnormity detection method, device, equipment and medium
WO2022139642A1 (en) * 2020-12-22 2022-06-30 Telefonaktiebolaget Lm Ericsson (Publ) Device, method, and system for supporting botnet traffic detection
CN113992396A (en) * 2021-10-26 2022-01-28 深信服科技股份有限公司 Flow detection method and device, electronic equipment and storage medium
CN114157516A (en) * 2022-02-09 2022-03-08 北京搜狐新媒体信息技术有限公司 Flow detection method and device, electronic equipment and computer storage medium
CN114944957A (en) * 2022-06-06 2022-08-26 山东云天安全技术有限公司 Abnormal data detection method and device, computer equipment and storage medium
CN115001853A (en) * 2022-07-18 2022-09-02 山东云天安全技术有限公司 Abnormal data identification method and device, storage medium and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张天;: "基于隐蔽异常流量的网络通信传输安全检测", 信息与电脑(理论版), no. 24, pages 1 - 2 *

Also Published As

Publication number Publication date
CN116132170B (en) 2023-09-29

Similar Documents

Publication Publication Date Title
CN116112380B (en) Industrial control safety control system based on abnormal flow
CN116112270B (en) Data processing system for determining abnormal flow
CN108449286B (en) Network bandwidth resource allocation method and device
WO2016080422A1 (en) Communication control device and communication system
JP2018106686A5 (en)
US20070179900A1 (en) License protection system, billing system therewith, and method for licensing a software
CN101395843A (en) Digital rights management using trusted time
JP2005520466A5 (en)
CN108777805B (en) Detection method and device for illegal access request, central control server and system
CN116132170B (en) Industrial control equipment safety prevention and control system
CN109583161B (en) Information processing method and device and storage medium
CN111125648B (en) Equipment change method and device
CN111651170A (en) Instance dynamic adjustment method and device and related equipment
CN113641517B (en) Service data transmitting method, device, computer equipment and storage medium
CN101471884A (en) Communication system allowing reduction in congestion by restricting communication
CN103312621A (en) Flow control system and flow control method
CN115238277A (en) Safety protection system of network information
CN111078712B (en) Big data cluster updating method and device, computer equipment and storage medium
JP6833143B2 (en) ECU, monitoring ECU and CAN system
CN110400449B (en) Alarm message input method, device, monitoring server and storage medium
RU2633986C2 (en) Method of dynamic protected object state control
CN112380550A (en) Energy consumption data acquisition method, device and equipment and readable storage medium
CN112101652B (en) Method and device for predicting task number, readable storage medium and electronic equipment
CN116320612B (en) Video data transmission system
EP1279099A2 (en) Method for eliminating an error in a data processing unit

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant