
An industrial control full flow analysis method and device

An analysis method and analysis device, applied in the field of network security, that can solve problems such as monitoring that cannot be applied to peripheral equipment, inconvenience for network security personnel, and monitoring software that is vulnerable to human interference and virus attacks.

Active Publication Date: 2021-01-22
四川神虎科技有限公司

AI Technical Summary

Problems solved by technology

[0004] One is for general-purpose computer systems, using installed software such as wireshark / tshark to capture packets on the network inside the computer. The disadvantage is that the monitoring software is vulnerable to human interference and virus attacks and cannot be applied to peripheral devices such as network printers;
[0005] The other is to connect to a specific PC through the network mirroring function of the routing device, and intercept the network data of the mirrored network through packet capture software. Although this method can intercept the data of the mirrored network, it requires a router or switch with a port mirroring function, a PC, and complex IP configuration, which can easily affect the user's network environment.
[0006] At present, it is difficult to perform simple, fast and effective network data packet capture, analysis and security monitoring on independent network devices such as network printers, routers and industrial network connection devices. The traditional method of PC plus routing device causes network security personnel great inconvenience.



Examples


Embodiment 1

[0041] As shown in Figure 1, an industrial control full flow analysis method includes the following steps:

[0042] A. Capture packets from at least two mirror ports;

[0043] B. Merge the data packets, then identify and analyze them against the blacklist and whitelist database;

[0044] C. Encrypt and store data packets and generate early warning information.

Embodiment 2

[0046] Based on the method principle of the foregoing embodiment, this embodiment discloses a specific implementation method by taking two mirroring ports as an example.

[0047] Capture packets from two mirrored ports;

[0048] A ListsMap container is used to sort and merge the data packets by time stamp. The ListsMap container includes a red-black binary tree algorithm, which uses a balanced binary tree structure; its general structure is shown in Figure 5. Achieving the greatest balance of the binary tree in ListsMap means keeping the sizes of its left and right subtrees as equal as possible, which reduces the subsequent sorting time. With a binary tree, binary sorting is easy to implement, because the sorting already takes place as data is inserted. For example, let's sort {7,8,9,10,11,12} and draw the process, as shown in Figure 6.

[0049] Use the load_protcols algorithm and the Corasickplus algorithm...
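
The timestamp merge of paragraph [0048] combined with the list check of step B, as an added example that is not code from the patent. Here `std::multimap` stands in for the ListsMap container, and the `Packet` fields, the use of source addresses as list keys, and the blacklist-over-whitelist precedence are assumptions.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed record; the field names are assumptions for this example.
struct Packet {
    uint64_t ts;       // capture timestamp
    int port;          // mirror port that captured it (0 or 1)
    std::string src;   // source address used for list lookup (assumption)
};
enum class Verdict { Allowed, Alert, Unknown };

// std::multimap is an ordered container (a red-black tree in the common
// standard libraries): each insert is O(log n) and in-order traversal is
// already sorted. A multimap rather than a map, because both ports can
// deliver packets carrying the same timestamp and neither may be dropped.
std::vector<Packet> merge_by_timestamp(const std::vector<Packet>& a,
                                       const std::vector<Packet>& b) {
    std::multimap<uint64_t, Packet> tree;
    for (const auto& p : a) tree.emplace(p.ts, p);
    for (const auto& p : b) tree.emplace(p.ts, p);
    std::vector<Packet> merged;
    for (const auto& kv : tree) merged.push_back(kv.second);
    return merged;
}

// Blacklist takes precedence; a source on neither list is Unknown.
std::vector<Verdict> classify(const std::vector<Packet>& merged,
                              const std::set<std::string>& whitelist,
                              const std::set<std::string>& blacklist) {
    std::vector<Verdict> out;
    for (const auto& p : merged) {
        if (blacklist.count(p.src)) out.push_back(Verdict::Alert);
        else if (whitelist.count(p.src)) out.push_back(Verdict::Allowed);
        else out.push_back(Verdict::Unknown);
    }
    return out;
}

// Constructed input: the page's timestamps {7..12} split over two ports and
// arriving out of order, with timestamp 9 seen on both ports.
std::vector<Packet> sample_port0() {
    return {{11, 0, "10.0.0.5"}, {7, 0, "10.0.0.5"}, {9, 0, "10.0.0.9"}};
}
std::vector<Packet> sample_port1() {
    return {{12, 1, "10.0.0.7"}, {8, 1, "10.0.0.5"}, {9, 1, "10.0.0.9"}, {10, 1, "10.0.0.5"}};
}
```

Packets with equal timestamps keep their insertion order, so the port 0 copy of timestamp 9 precedes the port 1 copy in the merged sequence.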

Embodiment 3

[0060] Based on the above method, the embodiment illustrated in Figure 2 discloses a device capable of implementing the above method.

[0061] An industrial control full flow analysis device, comprising:

[0062] A first network card for obtaining data packets;

[0063] A second network card for obtaining data packets;

[0064] A processor that merges, identifies and analyzes the data packets according to the method of any one of the above-mentioned embodiments;

[0065] A storage medium for storing data packets;

[0066] A data transceiver module for data reception to realize remote configuration of black and white lists.

[0067] Multiple industrial control full-flow analysis devices can be connected through a wireless ad hoc network. In a large-scale deployment, the entire device group can be managed in batches from just one terminal node.

[0068] As shown in Figure 3, this embodiment discloses a specific application of the device. The...


Abstract

The invention discloses an industrial control full flow analysis method and device. The device includes: a first network card for obtaining data packets; a second network card for obtaining data packets; a processor that merges, identifies and analyzes the data packets according to any of the above-mentioned methods; a storage medium for storing data packets; and a data transceiver module for data reception to realize remote configuration of the blacklist and whitelist. Because the two network cards work independently, the monitored network data is split into two inputs, so the device does not interfere with the user network and requires no network configuration; the processor merges, identifies and analyzes the data to provide early warning.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an industrial control full flow analysis method and device.

Background technique

[0002] With the rapid development of Internet technology, network-connected devices face more and more connection anomalies and network attacks; for network-connected devices on the periphery of computers in particular, real-time security supervision is difficult. With the rapid development of network packet capture technology, it is often used for intercepting and dumping network data and for checking network security.

[0003] Traditional network security supervision can be roughly divided into two categories:

[0004] One is for general-purpose computer systems, using installed software such as wireshark / tshark to capture packets on the network inside the computer. The disadvantage is that the monitoring software is vulnerable to human interference and vir...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26, H04W84/18, H04L29/12
CPC: H04L43/18, H04L63/1416, H04L63/1441, H04W84/18, H04L61/103, H04L61/4511
Inventor: 陈虹宇, 苗宁
Owner: 四川神虎科技有限公司