Industrial control network device abnormal traffic detection method

A technology for abnormal equipment and abnormal traffic, applied in the direction of data exchange network, digital transmission system, electrical components, etc., to achieve the effect of reliable operation

Inactive Publication Date: 2018-02-23
北京威努特技术有限公司

AI Technical Summary

Problems solved by technology

The method of the present invention addresses how to comprehensively collect the traffic sent and received by each device in each industrial control system, how to establish a security baseline, how to determine which traffic is abnormal, and how to deal with the abnormal traffic.

Examples


Embodiment 1

[0062] As shown in Figure 1:

[0063] When monitoring starts, the latest flow value of the previous cycle (5 minutes) is found in the database;

[0064] Monitoring cycle 1 ($T_0 \sim T_1$) contains only update traffic.

[0065] Brief description of the process: starting at time $T_0$, query the database (by 5-tuple + start time) for the latest flow value $Q_c$ of the previous cycle ($T_{-1} \sim T_0$). This value is used as the initial value, and the flow value received in cycle 1 minus the initial value is the flow of this time period.

[0066] In summary: flow of monitoring period 1 ($T_0 \sim T_1$) $= Q_1 - Q_c$.

Embodiment 2

[0068] As shown in Figure 2:

[0069] When monitoring starts, the latest flow value of the previous cycle (5 minutes) cannot be found in the database;

[0070] Monitoring cycle 1 ($T_0 \sim T_1$) contains only update traffic.

[0071] Brief description of the process: starting from time $T_0$, at time $T_m$, query the database (by 5-tuple + start time) for the latest flow value $Q_c$ closest to time $T_0$ (this moment is not within the range of the previous cycle). To ensure the accuracy of the flow within the time period $T_0 \sim T_m$, use the following formula to calculate the flow value of this period:

[0072] $\Delta = \dfrac{Q_m - Q_c}{T_m - T_c} \times (T_m - T_0)$.

[0073] Flow for the time period $T_m \sim T_1$ = new value $Q_m$.

[0074] The new value: namely, the traffic value received again within $T_m \sim T_1$.

[0075] In summary: flow of monitoring period 1 ($T_0 \sim T_1$) $= \Delta + Q_1 - Q_m$.

Embodiment 3

[0077] As shown in Figure 3:

[0078] In monitoring cycle 1 ($T_0 \sim T_1$), the same 5-tuple has both an aged flow and a new flow. To calculate the flow for the period $T_0 \sim T_d$, determine whether the latest flow value of the previous cycle (5 minutes) has been found in the database, handle it according to case 1 or case 2, and finally obtain the flow $\Delta$ for the time period $T_0 \sim T_d$.

[0079] Brief description of the process: starting from time $T_0$, at time $T_{s2}$, if the traffic type is judged to be 1, then $Q_{s2}$ indicates a new stream, and the flow of period 1 ($T_0 \sim T_1$) $= \Delta + Q_1$.
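The three embodiments above, worked through as an added Python example (not code from the patent). It assumes the Q values are cumulative byte counters for one 5-tuple and that $T_c$ is the time at which $Q_c$ was recorded, which the page does not define; `Sample`, `span_flow` and the other names, as well as the sample numbers, are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CYCLE = 300  # seconds; the 5-minute monitoring cycle from the text

@dataclass(frozen=True)
class Sample:
    t: float  # time the counter was read, in seconds (assumed meaning of Tc/Tm)
    q: int    # cumulative byte counter of one 5-tuple at time t

def interpolated_delta(qc: Sample, qm: Sample, t0: float) -> float:
    """Embodiment 2: delta = (Qm - Qc) / (Tm - Tc) * (Tm - T0)."""
    if not qc.t < t0 <= qm.t:
        raise ValueError("need Tc < T0 <= Tm")
    if qm.q < qc.q:
        # Guard added for this example; the page does not discuss this case.
        raise ValueError("counter went backwards")
    return (qm.q - qc.q) / (qm.t - qc.t) * (qm.t - t0)

def span_flow(t0: float, q_end: int, qc: Sample,
              qm: Optional[Sample] = None) -> float:
    """Flow from T0 until the counter read q_end, for a continuing stream."""
    if t0 - CYCLE <= qc.t <= t0:
        return q_end - qc.q  # Embodiment 1: Qc is from the previous cycle
    if qm is None:
        raise ValueError("stale Qc needs the first in-cycle sample Qm")
    # Embodiment 2: delta + Q1 - Qm
    return interpolated_delta(qc, qm, t0) + q_end - qm.q

def flow_with_new_stream(delta_aged: float, q1_new: int) -> float:
    """Embodiment 3: the aged stream contributes delta (T0~Td); the new
    stream's counter starts from zero, so the cycle total is delta + Q1."""
    return delta_aged + q1_new

# Constructed sample values, not taken from the patent.
T0 = 1000.0
case1 = span_flow(T0, 8000, Sample(t=900, q=5000))
case2 = span_flow(T0, 12000, Sample(t=400, q=2000), Sample(t=1100, q=9000))
case3 = flow_with_new_stream(span_flow(T0, 5600, Sample(t=900, q=5000)), 250)

if __name__ == "__main__":
    print(case1, case2, case3)
```

In the second case the stale sample is 600 seconds older than $T_0$, so only the interpolated share of the counter growth that falls inside $T_0 \sim T_m$ is credited to the cycle rather than the whole jump.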

[0080] Device outgoing traffic:

[0081] The total uplink bytes in the session information queried with the device as the source IP + the total downlink bytes in the session information queried with the device as the destination IP.

[0082] Device inflow traffic:

[0083] The total downlink bytes in the session information queried with the device as the source IP ...

Abstract

The invention discloses a method for detecting abnormal traffic of industrial control network devices, comprising the following steps: 1, connecting smart monitoring terminals to a management platform; 2, setting the smart monitoring terminal deployment mode; 3, starting a learning mode to assist in establishing a security baseline; 4, switching to an operation mode and starting to monitor abnormal traffic; 5, collecting traffic in real time and monitoring for abnormal traffic according to an abnormal traffic algorithm; 6, generating abnormal traffic alarms and recording logs; and 7, restarting monitoring. The beneficial effects of the method are that, through an advanced self-learning algorithm, the most fundamental traffic trend patterns of the various devices of an industrial control network are established; on this basis, real-time monitoring is carried out around the clock; once abnormal traffic triggers an alarm, a real-time prompt is given by sound and light, and the corresponding abnormal traffic logs are generated for subsequent history log queries. This provides powerful technical support for the secure, stable and reliable operation of the user's industrial network.

Description

Technical field

[0001] The invention relates to a method for detecting abnormal traffic of industrial control network equipment, belonging to the technical field of automatic control.

Background

[0002] At present, with the development of information technology, the originally physically isolated industrial control production and control network has to break its isolation and connect with the enterprise management network or even directly with the Internet, so that the originally stable, controllable and reliable industrial control network is facing more and more risks. From the industrial control security incidents that have occurred in recent years, it can be seen that the number of attacks on industrial control networks is increasing, and the damage caused by the attacks is also increasing. Originally running stably, the requests received by real-time servers and historical servers that only provide services for industrial control network LAN c...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/069, H04L63/1425
Inventor: 冯全宝, 韩延鹏, 乔金峰, 张明远
Owner: 北京威努特技术有限公司