CN112612669A - Infrastructure monitoring and early warning method and system based on situation awareness - Google Patents
Infrastructure monitoring and early warning method and system based on situation awareness
- Publication number
- CN112612669A (application number CN202011339534.9A)
- Authority
- CN
- China
- Prior art keywords
- module
- alarm
- data
- situation
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/327—Alarm or error message display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2465—Query processing support for facilitating data mining operations in structured databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/254—Extract, transform and load [ETL] procedures, e.g. ETL data flows in data warehouses
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention discloses an infrastructure monitoring and early warning method based on situation awareness. The method monitors the network security situation of a whole plant: data are collected from the core switches or important hosts, network equipment and security equipment of the production control area, the production non-control area and the management area of a power plant; traffic analysis and situation evaluation are carried out to determine a threat level; event alarm information is actively sent to a master station through a communication protocol together with the alarm level, alarm time, alarm device type, alarm device IP and the like; and the master station pushes the latest event to users in real time by short message, voice, ring tone and other means.
Description
Technical Field
The invention belongs to the field of automatic detection, and particularly relates to an infrastructure monitoring and early warning method and an infrastructure monitoring and early warning system based on situation awareness.
Background
Enterprises are growing in scale and the assets they own are increasing. With more assets, enterprise security also has to be taken into account: the network security situation of the whole plant needs to be monitored, and data need to be collected from the core switches or important hosts, network equipment and security equipment of the production control area, the production non-control area and the management area of a power plant for traffic analysis and situation assessment.
Building on situation awareness, the invention provides an infrastructure monitoring and early warning method and system based on situation awareness so as to ensure the security of enterprise assets.
Disclosure of Invention
The present invention is directed to solving the problems encountered in asset protection in existing enterprises.
In order to achieve the purpose, the invention provides an infrastructure monitoring and early warning method and an infrastructure monitoring and early warning system based on situation awareness so as to ensure the safety of enterprise assets.
The technical scheme of the invention is as follows: an infrastructure monitoring and early warning method based on situation awareness, comprising:
s1: automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences, and uploading the difference result to the situation awareness master station for confirmation;
s2: acquiring whole-network data, the security logs of all assets and event information according to the confirmation result, performing multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center, and confirming the analysis result;
s3: detecting threat events according to the analysis result, and confirming the detection result;
s4: performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of an industrial control protocol database, forming alarm data, and synchronizing the alarm data to the database;
s5: training the acquired database data through a prediction model using artificial intelligence deep learning technology to determine the threat capability.
As a further improvement of the invention, in the step of automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences and uploading the difference result to the situation awareness master station for confirmation, the assets within the monitoring range of the plant station equipment are discovered automatically by means of probe-based acquisition, mirrored traffic, NMAP and SNMP.
As a further improvement of the invention, threat events are detected and analyzed according to the analysis result; the full-traffic data of the network links are acquired, forwarded and stored; and threat detection is performed based on abnormal-traffic modeling and attack-behavior modeling techniques.
As a further improvement of the invention, performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of the industrial control protocol database, forming alarm data and synchronizing the alarm data to the database specifically comprises: analyzing the abnormal condition of the communication state machine from the original communication messages, matching against the event alarm rules (CPU threshold, memory threshold, disk threshold, etc.), forming an alarm for the event after normalization, and at the same time recording the alarm to the database.
An infrastructure monitoring and early warning system based on situation awareness, wherein:
the monitoring and early warning system comprises an asset discovery module, a data acquisition module, a security monitoring module, a prediction analysis module, a situation evaluation module and a configuration management module;
the asset discovery module is used for automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences, and uploading the difference result to the situation awareness master station;
the data acquisition module is used for acquiring whole-network data, the security logs of all assets and event information according to the confirmation result, performing multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center and confirming the analysis result;
the prediction analysis module is used for detecting threat events according to the analysis result and confirming the detection result;
and the situation evaluation module is used for performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of the industrial control protocol database, forming alarm data and synchronizing the alarm data to the database.
As a further improvement of the invention, the situation evaluation module further comprises a situation visualization module, a risk assessment module, an intelligent alarm reminding module, an event handling suggestion module, an asset management module, a statistical analysis module and a situation reporting module.
As a further improvement of the invention, the system further comprises an intelligent alarm reminding module, which actively sends the event alarm information to the master station through a communication protocol together with the alarm level, alarm time, alarm device type and alarm device IP; the master station then pushes the latest event to users in real time by short message, voice, ring tone and other means.
As a further improvement of the invention, the system further comprises an event handling module for handling a suspicious threat event once it has been confirmed and forming closed-loop event management.
As a further improvement of the invention, the system further comprises a security monitoring module for monitoring the security situation of the bound important assets in the plant in real time.
As a further improvement of the invention, the system further comprises a configuration management module for operation and maintenance monitoring and management of the whole situation awareness system.
By adopting the situation awareness-based infrastructure monitoring and early warning method and system provided by the invention, the security of plant assets can be effectively guaranteed: monitoring the network security situation of the whole plant, and collecting data from the core switches or important hosts, network equipment and security equipment of the production control area, the production non-control area and the management area of a power plant for traffic analysis, situation evaluation and early warning, realizes detection and early warning for the infrastructure.
Drawings
FIG. 1 is a flow chart of the situation awareness-based infrastructure monitoring and early warning method of the present invention;
FIG. 2 is a schematic diagram of the situation awareness-based infrastructure monitoring and early warning system of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
As shown in FIG. 1, the invention discloses an infrastructure monitoring and early warning method based on situation awareness:
s1: automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences, and uploading the difference result to the situation awareness master station for confirmation, wherein the automatically acquired asset data comprise host equipment information, network equipment information, security equipment information and the like, which are acquired respectively by terminal data acquisition equipment, network data acquisition equipment and security data acquisition equipment;
s2: acquiring whole-network data, the security logs of all assets and event information according to the confirmation result, performing multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center, and confirming the analysis result;
s3: detecting threat events according to the analysis result, and confirming the detection result;
s4: performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of an industrial control protocol database, forming alarm data, and synchronizing the alarm data to the database;
specifically, intelligent sensing is performed by deep filtering analysis of the industrial control protocol data used in the power industry. Acquiring the abnormal communication state means capturing the original communication messages through mirrored ports of the station's network equipment, where the original communication messages include protocol messages such as IEC61850, IEC103 and IEC104; analyzing the abnormal conditions of the communication state machine; matching against the event alarm rules (CPU threshold, memory threshold, disk threshold and the like); forming alarms for the normalized events; and recording the alarms to the database;
s5: training the acquired database data through a prediction model using artificial intelligence deep learning technology, determining the threat capability, and issuing early warnings according to the threat capability.
Specifically, in the step of automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences and uploading the difference result to the situation awareness master station for confirmation, the assets within the monitoring range of the station equipment are discovered automatically by means of probe-based acquisition, mirrored traffic, NMAP and SNMP.
The method detects and analyzes threat events according to the analysis result, acquires, forwards and stores the full-traffic data of the network links, and detects threats based on abnormal-traffic modeling and attack-behavior modeling techniques.
The method specifically comprises analyzing the abnormal condition of the communication state machine from the original communication messages, matching against the event alarm rules (CPU threshold, memory threshold, disk threshold and the like), forming an alarm for the normalized event, and at the same time recording the alarm to the database.
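Steps s1 and s4 of the method above, worked through on constructed data as an added example (not code from the patent): the difference result that s1 uploads for confirmation is built from an assumed discovered-asset set and manual register, and s4 is shown as normalization of two collector record layouts, matching against assumed CPU/memory/disk threshold rules, recording the alarms to a database and forming the alarm message (level, time, device type, IP) for the master station. All IPs, names, thresholds and levels are constructed.

```python
"""Steps s1 and s4 of the method above on constructed data (added example)."""
from datetime import datetime, timezone
import sqlite3

# --- s1: reconcile automatically discovered assets against the manual register ---
# Constructed sample of what automatic discovery (e.g. SNMP, mirrored traffic) reported
DISCOVERED = {
    "10.10.1.1":  {"type": "switch",   "name": "core-sw-1"},
    "10.10.2.15": {"type": "host",     "name": "scada-hmi-2"},
    "10.10.3.7":  {"type": "firewall", "name": "fw-mgmt"},
}
# Constructed sample of the manually entered asset register
REGISTERED = {
    "10.10.1.1":  {"type": "switch", "name": "core-sw-1"},
    "10.10.2.15": {"type": "host",   "name": "scada-hmi-1"},  # name differs from discovery
    "10.10.2.30": {"type": "host",   "name": "historian"},    # registered but not seen
}

def reconcile(discovered, registered):
    """Build the difference result that is uploaded to the master station for confirmation."""
    diff = {"unregistered": [], "changed": [], "missing": []}
    for ip in sorted(discovered):
        if ip not in registered:
            diff["unregistered"].append(ip)          # on the wire, not in the register
        elif discovered[ip] != registered[ip]:
            diff["changed"].append((ip, registered[ip], discovered[ip]))
    diff["missing"] = sorted(ip for ip in registered if ip not in discovered)
    return diff

# --- s4: normalize collector records, match alarm rules, record alarms ---
# Assumed rules: metric -> (threshold in percent, alarm level)
ALARM_RULES = {"cpu": (90.0, "high"), "memory": (85.0, "medium"), "disk": (95.0, "high")}

# Constructed raw records from two collector types with different field layouts
RAW_EVENTS = [
    {"src": "terminal", "host": "10.10.2.15", "cpu_pct": 97.5, "mem_pct": 60.0,
     "disk_pct": 71.2, "ts": "2020-11-25T08:00:00Z"},
    {"src": "network", "ip": "10.10.1.1", "time": 1606291260,
     "metrics": {"cpu": 35, "memory": 88, "disk": 40}},
]

def normalize(ev):
    """Map a collector-specific record onto one schema: ip, ISO time, metric percentages."""
    if ev["src"] == "terminal":
        return {"ip": ev["host"], "time": ev["ts"],
                "metrics": {"cpu": ev["cpu_pct"], "memory": ev["mem_pct"], "disk": ev["disk_pct"]}}
    if ev["src"] == "network":
        iso = datetime.fromtimestamp(ev["time"], tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        return {"ip": ev["ip"], "time": iso, "metrics": dict(ev["metrics"])}
    raise ValueError(f"unknown collector type {ev['src']!r}")

def match_rules(norm, assets, rules=ALARM_RULES):
    """Form one alarm per breached threshold, carrying level, time, device type and IP."""
    dev_type = assets.get(norm["ip"], {}).get("type", "unknown")
    alarms = []
    for metric, (limit, level) in rules.items():
        value = norm["metrics"].get(metric)
        if value is not None and value > limit:
            alarms.append({"level": level, "time": norm["time"], "device_type": dev_type,
                           "ip": norm["ip"], "metric": metric, "value": value, "threshold": limit})
    return alarms

def store_alarms(conn, alarms):
    """Record alarms in the alarm table and return the stored row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS alarm (level TEXT, time TEXT, device_type TEXT, "
                 "ip TEXT, metric TEXT, value REAL, threshold REAL)")
    conn.executemany("INSERT INTO alarm VALUES (?, ?, ?, ?, ?, ?, ?)",
                     [(a["level"], a["time"], a["device_type"], a["ip"],
                       a["metric"], a["value"], a["threshold"]) for a in alarms])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM alarm").fetchone()[0]

def run_pipeline(raw_events=RAW_EVENTS, assets=DISCOVERED):
    """Run s4 end to end; returns alarms, stored count and the messages for the master station."""
    alarms = [a for ev in raw_events for a in match_rules(normalize(ev), assets)]
    conn = sqlite3.connect(":memory:")
    count = store_alarms(conn, alarms)
    conn.close()
    messages = [f"{a['level'].upper()} {a['time']} {a['device_type']} {a['ip']} "
                f"{a['metric']}={a['value']}% > {a['threshold']}%" for a in alarms]
    return alarms, count, messages

if __name__ == "__main__":
    print(reconcile(DISCOVERED, REGISTERED))
    for line in run_pipeline()[2]:
        print(line)
```

The difference result separates assets seen only by discovery, assets registered but absent from the wire, and assets whose recorded attributes changed, which is the triage an operator confirms at the master station before the asset set feeds s2.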
As shown in FIG. 2, the invention also discloses an infrastructure monitoring and early warning system based on situation awareness, which monitors the network security situation of the whole plant, collects data from the core switches or important hosts, network equipment and security equipment of the production control area, the production non-control area and the management area of a power plant, and performs traffic analysis and situation evaluation.
The monitoring and early warning system comprises an asset discovery module, a data acquisition module, a security monitoring module, a prediction analysis module, a situation evaluation module and a configuration management module;
the asset discovery module is used for automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences, and uploading the difference result to the situation awareness master station;
the asset discovery module is also used for binding the important hosts, switches, routers and other security equipment in the plant to the situation awareness system;
the data acquisition module is used for acquiring whole-network data, the security logs of all assets and event information according to the confirmation result, performing multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center and confirming the analysis result, and it uses a distributed monitoring system to acquire the full network traffic of the critical infrastructure in real time;
the situation evaluation module further comprises a situation visualization module, a risk assessment module, an intelligent alarm reminding module, an event handling suggestion module, an asset management module, a statistical analysis module and a situation reporting module; the situation awareness module is further used for comprehensively assessing the current network security situation and presenting the situation assessment result through a data visualization tool.
As a further improvement of the invention, the system further comprises an intelligent alarm reminding module, which actively sends the event alarm information to the master station through a communication protocol together with the alarm level, alarm time, alarm device type and alarm device IP; the master station then pushes the latest event to users in real time by short message, voice, ring tone and other means.
The system further comprises an event handling module, which is used for handling a suspicious threat event once it has been confirmed and forming closed-loop event management: after the suspicious threat event is confirmed, the administrator can initiate a work-order handling process; the system automatically and accurately matches handling suggestions and enters the emergency event handling stage, and the administrator can refer to those suggestions; after handling is completed, a handling report is filled in to form closed-loop event management.
The system further comprises a security monitoring module for monitoring the security situation of the important assets bound in the plant in real time.
The system further comprises a configuration management module for operation and maintenance monitoring and management of the whole situation awareness system.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. An infrastructure monitoring and early warning method based on situation awareness, characterized by comprising the following steps:
s1: automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences, and uploading the difference result to the situation awareness master station for confirmation;
s2: acquiring whole-network data, the security logs of all assets and event information according to the confirmation result, performing multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center, and confirming the analysis result;
s3: detecting threat events according to the analysis result, and confirming the detection result;
s4: performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of an industrial control protocol database, forming alarm data, and synchronizing the alarm data to the database;
s5: training the acquired database data through a prediction model using artificial intelligence deep learning technology to determine the threat capability.
2. The method of claim 1, characterized in that: in the step of automatically acquiring asset data, comparing the automatically acquired assets with the manually entered assets, confirming the differences and uploading the difference result to the situation awareness master station for confirmation, the assets within the monitoring range of the station equipment are discovered automatically by means of probe-based acquisition, mirrored traffic, NMAP and SNMP.
3. The method of claim 2, characterized in that: threat events are detected and analyzed according to the analysis result; the full-traffic data of the network links are acquired, forwarded and stored; and threat detection is performed based on abnormal-traffic modeling and attack-behavior modeling techniques.
4. The method of claim 3, characterized in that: performing intelligent sensing and communication-state abnormality confirmation on the detection result together with the deep filtering analysis of the industrial control protocol database, forming alarm data and synchronizing the alarm data to the database specifically comprises analyzing the abnormal condition of the communication state machine from the original communication messages, matching against the event alarm rules (CPU threshold, memory threshold, disk threshold and the like), forming an alarm for the normalized event, and at the same time recording the alarm to the database.
5. The utility model provides an infrastructure monitoring early warning system based on situation awareness which characterized in that:
the monitoring and early warning system comprises an asset discovery module, a data acquisition module, a prediction analysis module and a situation evaluation module;
the asset discovery module is used for automatically acquiring asset data, comparing the automatically acquired assets with manually input assets, performing difference confirmation, and uploading difference results to the vehicle state sensing master station;
the data acquisition module is used for acquiring all-network data, all-asset security logs and event information according to the confirmation result, carrying out multi-dimensional mining on the data, transmitting the mining result to the situation awareness analysis center and confirming the analysis result;
the prediction analysis module is used for detecting the threat event according to the analysis result and confirming the detection result;
and the situation evaluation module is used for carrying out intelligent sensing and communication state abnormity confirmation on the detection result and the depth filtering analysis of the industrial control protocol database, forming alarm data and synchronizing the alarm data to the database.
6. The system of claim 5, wherein the situation assessment module further comprises a situation visualization module, a risk assessment module, an intelligent alarm reminding module, an event handling suggestion module, an asset management module, a statistical analysis module, and a situation reporting module.
7. The system of claim 6, further comprising an intelligent alarm reminding module, wherein the intelligent alarm reminding module actively uploads event alarm information to the master station via a communication protocol according to the alarm level, the alarm time, the alarm device type and the alarm device IP, and the master station pushes the latest event to the user in real time via short message, voice, ring, etc.
8. The system of claim 7, wherein the system further comprises an event handling module for handling events and forming closed-loop management of them after suspected threat events have been confirmed.
9. The system of claim 8, wherein the system further comprises a security monitoring module for monitoring, in real time, the security situation of the important assets bound within the plant.
10. The system of claim 9, wherein the system further comprises a configuration management module for operation and maintenance monitoring and management of the whole situational awareness system.
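As an added illustration, not code from the patent or its applicant, the following Python sketch walks the alarm-forming path the claims describe: acquire security events, filter them against an industrial control protocol policy (one plausible form of the "deep filtering analysis" in claim 5), form alarm records that carry the alarm level, alarm time, alarm device type and alarm device IP named in claim 7, and choose the master station's push channel by level. The asset inventory, the Modbus/TCP function-code allowlist, the CSV log format, the channel mapping and the sample log lines are all constructed for this example; the claims themselves do not specify any of them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed policy: Modbus/TCP function codes each asset type may *send*.
# Codes 5/6/15/16 write coils or registers; 43 reads device identification.
WRITE_CODES = {5, 6, 15, 16}
PROTOCOL_POLICY = {
    "HMI": {3, 4, 6, 16},
    "ENGINEERING_WS": {3, 4, 5, 6, 15, 16, 43},
    "PLC": {3, 4},
}
# Constructed inventory of the important assets bound within the plant, keyed by IP.
ASSETS = {
    "10.0.5.10": "PLC",
    "10.0.5.11": "PLC",
    "10.0.5.20": "HMI",
    "10.0.5.30": "ENGINEERING_WS",
}
# Constructed mapping from alarm level to the master station's push channels.
CHANNELS = {"HIGH": ("sms", "voice"), "MEDIUM": ("sms",), "LOW": ("ring",)}
LEVEL_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

@dataclass(frozen=True)
class Event:
    time: str
    src_ip: str
    dst_ip: str
    protocol: str
    function_code: int

@dataclass(frozen=True)
class Alarm:
    level: str
    time: str
    device_type: str
    device_ip: str
    reason: str

def parse_log_line(line: str) -> Event:
    """Parse one record of the constructed format: time,src_ip,dst_ip,protocol,function_code."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 5:
        raise ValueError(f"malformed record: {line!r}")
    time, src, dst, proto, fc = fields
    ipaddress.ip_address(src)  # raise on garbage rather than pass it downstream
    ipaddress.ip_address(dst)
    return Event(time, src, dst, proto.lower(), int(fc))

def evaluate(event: Event) -> Optional[Alarm]:
    """Situation evaluation: filter one event against the protocol policy.
    Returns an Alarm carrying level, time, device type and device IP, or None."""
    dst_type = ASSETS.get(event.dst_ip)
    if dst_type is None:
        return None  # traffic to an unbound host is outside this monitor's scope
    src_type = ASSETS.get(event.src_ip)
    if src_type is None:
        return Alarm("HIGH", event.time, dst_type, event.dst_ip,
                     f"unknown source {event.src_ip} talking to bound asset")
    if event.protocol != "modbus":
        return Alarm("MEDIUM", event.time, dst_type, event.dst_ip,
                     f"non-Modbus protocol {event.protocol} from {src_type} {event.src_ip}")
    if event.function_code not in PROTOCOL_POLICY[src_type]:
        # A disallowed write is worse than a disallowed read.
        level = "HIGH" if event.function_code in WRITE_CODES else "LOW"
        return Alarm(level, event.time, dst_type, event.dst_ip,
                     f"{src_type} {event.src_ip} sent disallowed function code {event.function_code}")
    return None

def process(lines: Iterable[str]) -> List[Alarm]:
    """Acquire -> evaluate -> form alarm data, ordered HIGH first, then by time."""
    alarms = [a for a in (evaluate(parse_log_line(ln)) for ln in lines if ln.strip()) if a]
    alarms.sort(key=lambda a: (LEVEL_RANK[a.level], a.time))
    return alarms

def push_channels(alarm: Alarm) -> tuple:
    """Master-station routing of an uploaded alarm by its level."""
    return CHANNELS[alarm.level]

# Constructed sample log: two benign HMI operations, a PLC writing to a peer PLC,
# an unknown host polling a PLC, SSH to a PLC, and an HMI reading device identification.
SAMPLE_LOG = """\
2020-11-25T08:00:01Z, 10.0.5.20, 10.0.5.10, modbus, 3
2020-11-25T08:00:02Z, 10.0.5.20, 10.0.5.10, modbus, 16
2020-11-25T08:00:03Z, 10.0.5.10, 10.0.5.11, modbus, 6
2020-11-25T08:00:04Z, 10.0.5.99, 10.0.5.10, modbus, 3
2020-11-25T08:00:05Z, 10.0.5.30, 10.0.5.11, ssh, 0
2020-11-25T08:00:06Z, 10.0.5.20, 10.0.5.10, modbus, 43
"""

if __name__ == "__main__":
    for alarm in process(SAMPLE_LOG.splitlines()):
        print(alarm.level, alarm.time, alarm.device_type, alarm.device_ip,
              ",".join(push_channels(alarm)), alarm.reason)
```

The policy keys on the sender's asset type rather than on IP alone: a PLC issuing a register write to a peer PLC is flagged HIGH even though the same function code is legitimate from the HMI, which is the kind of asymmetric rule a plain IP allowlist misses. Malformed records raise instead of being silently skipped, so a log source that starts emitting garbage becomes visible rather than disappearing from the alarm stream.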
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011339534.9A CN112612669A (en) | 2020-11-25 | 2020-11-25 | Infrastructure monitoring and early warning method and system based on situation awareness |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011339534.9A CN112612669A (en) | 2020-11-25 | 2020-11-25 | Infrastructure monitoring and early warning method and system based on situation awareness |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112612669A true CN112612669A (en) | 2021-04-06 |
Family
ID=75225228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011339534.9A Pending CN112612669A (en) | 2020-11-25 | 2020-11-25 | Infrastructure monitoring and early warning method and system based on situation awareness |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112612669A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113259176A (en) * | 2021-06-11 | 2021-08-13 | 长扬科技(北京)有限公司 | Alarm event analysis method and device |
CN113742720A (en) * | 2021-08-27 | 2021-12-03 | 贵州乌江水电开发有限责任公司 | Network security situation awareness method based on a multistage linkage mode |
CN113783890A (en) * | 2021-09-24 | 2021-12-10 | 国网山西省电力公司电力科学研究院 | Edge-computing-based security monitoring system for IoT terminals in an intelligent IoT system |
CN114006720A (en) * | 2021-09-14 | 2022-02-01 | 上海纽盾科技股份有限公司 | Network security situation awareness method, device and system |
CN114095338A (en) * | 2021-10-27 | 2022-02-25 | 北京思特奇信息技术股份有限公司 | Intelligent prediction alarm method and system for cloud computing platform |
CN114374547A (en) * | 2021-12-28 | 2022-04-19 | 南方电网数字电网研究院有限公司 | ARP (Address resolution protocol) reverse blocking method and system based on Docker |
CN114422162A (en) * | 2021-11-26 | 2022-04-29 | 中国大唐集团科学技术研究院有限公司火力发电技术研究院 | Security situation awareness system for the production control zone of a thermal power generating unit |
CN115134131A (en) * | 2022-06-20 | 2022-09-30 | 中能融合智慧科技有限公司 | Situation awareness-based Internet of things communication transmission system |
CN116760636A (en) * | 2023-08-16 | 2023-09-15 | 国网江苏省电力有限公司信息通信分公司 | Active defense system and method for unknown threats |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150281278A1 (en) * | 2014-03-28 | 2015-10-01 | Southern California Edison | System For Securing Electric Power Grid Operations From Cyber-Attack |
CN109492994A (en) * | 2018-10-29 | 2019-03-19 | 成都思维世纪科技有限责任公司 | Three-dimensional all-round safety management platform based on big data |
US20190089741A1 (en) * | 2017-09-18 | 2019-03-21 | Veracity Security Intelligence, Inc. | Network asset characterization, classification, grouping and control |
Timeline
- 2020-11-25: CN application CN202011339534.9A filed (patent/CN112612669A/en), active, Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150281278A1 (en) * | 2014-03-28 | 2015-10-01 | Southern California Edison | System For Securing Electric Power Grid Operations From Cyber-Attack |
US20190089741A1 (en) * | 2017-09-18 | 2019-03-21 | Veracity Security Intelligence, Inc. | Network asset characterization, classification, grouping and control |
CN109492994A (en) * | 2018-10-29 | 2019-03-19 | 成都思维世纪科技有限责任公司 | Three-dimensional all-round safety management platform based on big data |
Non-Patent Citations (3)
Title |
---|
Zhou Fen, Wu Guoxiong, Li Youjun (周芬, 吴国雄, 李有俊): "A survey of network security situation awareness" (网络安全态势感知综述), Audio Engineering (电声技术), vol. 44, no. 8, pp. 54-59 * |
Wang Fei, Zhang Chuan, Fu Qiang (王飞, 张川, 付强): "Application of situation awareness technology to industrial control security in smart refining and chemical plants" (态势感知技术在智能炼化厂工控安全方面的应用), Instrumentation Users (仪器仪表用户), no. 01 * |
Gao Shou (高守): "Application of situation awareness technology to industrial control security in smart power plants" (态势感知技术在智慧电厂工控安全方面的应用), Information Security (信息安全) * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113259176A (en) * | 2021-06-11 | 2021-08-13 | 长扬科技(北京)有限公司 | Alarm event analysis method and device |
CN113742720A (en) * | 2021-08-27 | 2021-12-03 | 贵州乌江水电开发有限责任公司 | Network security situation awareness method based on a multistage linkage mode |
CN114006720A (en) * | 2021-09-14 | 2022-02-01 | 上海纽盾科技股份有限公司 | Network security situation awareness method, device and system |
CN114006720B (en) * | 2021-09-14 | 2023-08-18 | 上海纽盾科技股份有限公司 | Network security situation awareness method, device and system |
CN113783890A (en) * | 2021-09-24 | 2021-12-10 | 国网山西省电力公司电力科学研究院 | Edge-computing-based security monitoring system for IoT terminals in an intelligent IoT system |
CN114095338A (en) * | 2021-10-27 | 2022-02-25 | 北京思特奇信息技术股份有限公司 | Intelligent prediction alarm method and system for cloud computing platform |
CN114422162A (en) * | 2021-11-26 | 2022-04-29 | 中国大唐集团科学技术研究院有限公司火力发电技术研究院 | Security situation awareness system for the production control zone of a thermal power generating unit |
CN114422162B (en) * | 2021-11-26 | 2024-06-07 | 内蒙古大唐国际托克托发电有限责任公司 | Security situation awareness system for the production control zone of a thermal power generating unit |
CN114374547A (en) * | 2021-12-28 | 2022-04-19 | 南方电网数字电网研究院有限公司 | ARP (Address resolution protocol) reverse blocking method and system based on Docker |
CN114374547B (en) * | 2021-12-28 | 2023-12-01 | 南方电网数字电网研究院有限公司 | Docker-based ARP (Address resolution protocol) reverse blocking method and system |
CN115134131A (en) * | 2022-06-20 | 2022-09-30 | 中能融合智慧科技有限公司 | Situation awareness-based Internet of things communication transmission system |
CN115134131B (en) * | 2022-06-20 | 2023-10-20 | 中能融合智慧科技有限公司 | Internet of things communication transmission system based on situation awareness |
CN116760636A (en) * | 2023-08-16 | 2023-09-15 | 国网江苏省电力有限公司信息通信分公司 | Active defense system and method for unknown threats |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112612669A (en) | Infrastructure monitoring and early warning method and system based on situation awareness | |
CN112799358B (en) | Industrial control safety defense system | |
CN103499963B (en) | Coke vehicle equipment remote monitoring system | |
CN110768846A (en) | Intelligent substation network safety protection system | |
CN113612763B (en) | Network attack detection device and method based on network security malicious behavior knowledge base | |
CN101916499B (en) | Intelligent alarm device and intelligent alarm method | |
CN104144071A (en) | System log processing method and platform | |
CN111524306A (en) | Centralized monitoring system for power environment of machine room | |
CN117061569B (en) | Internet of things-based industrial and social interaction digital information monitoring system | |
CN112416872A (en) | Cloud platform log management system based on big data | |
CN114125083B (en) | Industrial network distributed data acquisition method and device, electronic equipment and medium | |
CN117880146A (en) | Gateway all-in-one machine operation environment supervision alarm system based on data analysis | |
CN110807460A (en) | Transformer substation intelligent patrol system based on image recognition and application method thereof | |
CN117220917A (en) | Network real-time monitoring method based on cloud computing | |
CN110207996A (en) | Turbine engine fault early-warning method and device | |
CN110365717A (en) | Industrial intrusion detection method and system based on the HART-IP protocol | |
CN103713976B (en) | Root-cause search method for signalling equipment faults in a centralized signal supervision system | |
CN117135033A (en) | Intelligent alarm system applying full link | |
CN118247939A (en) | Communication pipeline safety early warning method and system | |
CN112383417A (en) | Terminal security external connection detection method, system, equipment and readable storage medium | |
CN115951640B (en) | Intelligent vibration monitoring management system, operation method, electronic equipment and medium | |
CN118018229A (en) | Network threat detection method based on big data | |
CN115550034A (en) | Service flow monitoring method and device for distribution network power monitoring system | |
CN117129796A (en) | Power grid fault identification system based on big data | |
CN115276234A (en) | Power network safety monitoring system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||