KR20240135976A - Non-safety control diagnostic device - Google Patents

Abstract

The present invention analyzes the characteristics according to the protocol and communication method of a field controller to detect abnormal operation, and performs a preliminary analysis of a protocol that is difficult to analyze and detect whether there is a failure, packet capture for acquiring data of a field controller; packet analysis for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a failure; and a user interface for providing information to the user; analyzes an unknown protocol from a packet to provide information to the user, analyzes a failure by algorithmizing it, and places the code externally in the form of a script so that improvement is possible depending on the type of failure of the measurement target, rather than embedding the failure algorithm in the binary form of the software of the measuring device.

Description

{NON-SAFETY CONTROL DIAGNOSTIC DEVICE}

The present invention relates to a non-safe control diagnostic device, and more specifically, to a non-safe control diagnostic device that enables a system manager to determine, without professional knowledge, an analysis of a field controller in which an error occurs or an abnormal state occurs, and to determine a fault in the field without much knowledge by algorithmizing an advanced analysis technique, and to flexibly respond to the fault.

Nuclear power plant control equipment is supplied by various suppliers to build a power system, and when a failure or abnormality occurs in the on-site controller during operation, a diagnostic tool provided by the supplier is used to inspect it, but it is impossible to diagnose a failure or intermittent abnormality in the controller itself. Therefore, when an abnormality occurs in the controller, engineers and developers usually use open source network traffic software (Wireshark) and commercial network traffic diagnostic devices to analyze network data to determine the presence or absence of an abnormality. However, this analysis process requires a lot of technically experienced personnel to be secured, which is a technology that is possible.

The prior art related to the present invention includes accident analysis monitoring, equipment management, and a test framework. Patent Document 1 A transformer accident analysis monitoring system and a transformer accident analysis monitoring method using the same improve the quality of system operation and more convenient accident handling and prevent accidents that may occur in the future through accident type, accident classification, accident waveform analysis, and protection relay operation analysis when an accident/disturbance occurs in a transformer. In addition, Patent Document 2 A scenario-based virtual equipment management device for distributed resource simulation operation describes modeling information of distributed resource equipment, communication protocol information, linkage information between equipment, and data generation algorithm of equipment in a script language, and generates and operates a virtual equipment process that operates based on the information. In addition, Patent Document 3 A data-driven test framework is a device for testing an application, including a data processing machine including a memory and a processor operably coupled to the memory.

However, the conventional technology has a problem in that it cannot detect abnormal operation by analyzing the characteristics according to the protocol and communication method of the field controller to determine whether there is a failure and cannot analyze the protocol in advance to detect it.

Patent Registration No. 10-1587917 (January 25, 2016) Patent Registration No. 10-1759893 (2017.07.21) Patent Registration No. 10-2356771 (2022.01.27)

The purpose of the present invention is to provide a non-safety control diagnostic device that detects abnormal operation by analyzing the characteristics according to the protocol and communication method of a field controller, thereby determining whether there is a failure and analyzing a protocol that is difficult to analyze in advance.

In addition, the present invention has another purpose of providing a non-safety control diagnostic device that performs packet capture for acquiring data of a field controller; packet analysis for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a fault; and a user interface for providing information to a user.

In addition, the present invention has another purpose of providing a non-safe control diagnostic device that analyzes an unknown protocol in a packet to provide information to a user, analyzes a failure by algorithmizing it, and externally places code in the form of a script so that improvement is possible depending on the type of failure of the target of measurement without embedding the failure algorithm in the binary form of the software of the measuring device.

A non-safe control diagnostic device according to a preferred embodiment of the present invention is characterized by including: a field controller (32), which is a non-safety system device in a nuclear power plant operation management system (MMIS); and a field measuring device (40), which receives a network packet of the field controller (32), analyzes whether there is a failure in the field controller (32), reports the analysis result to a terminal (6), analyzes characteristics according to a protocol and a communication method of the field controller (32), detects abnormal operation, determines whether there is a failure, and analyzes and detects protocols that are difficult to analyze in advance.

In addition, the field measuring device (40) includes a display (41), HDMI (42), SSD (43), adapter port (44), battery (45), first Ethernet (46), second Ethernet (47), first USB (48), second USB (49), and a control unit (5), and the control unit (5) includes an arm core as a part for controlling the operation of hardware and loading software, the display (41) displays the analysis result of the field measuring device (40), the HDMI (42) extends the monitor, the SSD (43) stores the packet contents of the field controller (32) acquired through the data receiving unit and provides storage space, the adapter port (44) connects an external power source, the battery (45) supplies direct current power to the field measuring device (40), the first Ethernet (46) captures the network packet data of the field controller (32), and the second Ethernet (47) transmits data and analysis results to an analysis server. Uploading, the first USB (48) provides a user interface, and the second USB (49) connects a keyboard and mouse.

In addition, the control unit (5) performs a network diagnostic unit (50), and the network diagnostic unit (50) is characterized by performing packet capture (52) for acquiring data of the field controller (32); packet analysis (57) for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a fault; and a user interface (55) for providing information to the user.

In addition, the network diagnostic unit (50) is characterized by analyzing an unknown protocol in a packet and providing information to the user.

In addition, the network diagnostic unit (50) is characterized by analyzing a failure by algorithmizing it and positioning the failure algorithm code externally in the form of a script.

In addition, the control unit (5) is characterized by performing the following steps: a step of detecting a port number being used on a network (S101); a step of reading a network environment with Netstat (S102); a step of scanning an IP address (S103); a step of capturing an Ethernet packet (S104); a step of acquiring data (S105); a step of analyzing the acquired data using a programming language (S106); a step of analyzing the acquired data using Wireshark (S107); a step of identifying and decoding a protocol (S108); a step of executing a packet analysis technique (S109); a step of matching a pattern (S110); a step of parsing a protocol field (S111); a step of filtering a packet (S112); a step of analyzing a flow (S113); and a step of deriving a protocol result.

The present invention analyzes the characteristics of a field controller according to its protocol and communication method, detects abnormal operation, and analyzes in advance whether there is a failure and a protocol that is difficult to analyze, thereby enabling a system manager to determine, without professional knowledge, an analysis of a field controller in which an error occurs or an abnormal state occurs.

In addition, the present invention can have the effect of determining a fault in the field without much knowledge by algorithmizing an advanced analysis technique by performing packet capture for acquiring data of a field controller; packet analysis for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a fault; and a user interface for providing information to the user.

In addition, the present invention can have the effect of flexibly responding to failures by analyzing an unknown protocol in a packet to provide information to a user, analyzing failures by algorithmizing them, and externally positioning the code in the form of a script so that improvement is possible depending on the type of failure of the target of measurement without embedding the failure algorithm in the binary form of the software of the measuring device.

Figure 1 is an exemplary diagram showing the network configuration of the non-safe control diagnostic device of the present invention.
Figure 2 is a block diagram showing the configuration of a field measuring device in the non-safety control diagnostic device of the present invention.
Figure 3 is a block diagram showing the configuration of the network diagnostic unit of the field measuring device of the present invention.
Figure 4 is a flow chart showing the operation of the unsafe control diagnosis method of the present invention.

Hereinafter, a non-safe control diagnostic device according to an embodiment of the present invention will be described in detail with reference to the drawings. In the following, descriptions of matters known in the art will be omitted or simplified in order to clarify the gist of the present invention. The components included in the description of the present invention operate individually or in a combined manner.

Figure 1 is an exemplary diagram showing the network configuration of the non-safe control diagnostic device of the present invention.

Referring to Fig. 1, the network configuration includes a field controller (32) and a field measuring device (40).

In general, safety systems directly supply power to critical facilities such as the reactor and reactor cooling system, while non-safety systems supply power to facilities other than the reactor's critical facilities.

The field controller (32) is a component of the nuclear power plant operation integrated management system (MMIS: Man-Machine Interface System), which is one of the instrumentation and control facilities. For example, it is a non-safety system device that monitors and controls the reactor coolant pump.

The field measuring device (40) receives a network packet from the field controller (32), analyzes whether there is a failure in the field controller (32), and reports the analysis results to the terminal (6).

The field measuring device (40) analyzes the characteristics according to the protocol and communication method of the field controller (32) to detect abnormal operation and to analyze in advance whether there is a failure and a protocol that is difficult to analyze, so the data of the protocol is analyzed without special knowledge.

Figure 2 is a block diagram showing the configuration of a field measuring device in the non-safe control diagnostic device of the present invention.

Referring to FIG. 2, the network connects an IPS, a field controller (32), and a field measuring device (40), and the field measuring device (40) includes a display (41), HDMI (42), SSD (43), an adapter port (44), a battery (45), a first Ethernet (46), a second Ethernet (47), a first USB (48), a second USB (49), and a control unit (5).

IPS is an integrated facility that performs data processing and alarm functions to provide all information necessary for power plant operation to the operator.

The control unit (5) is a part for controlling the operation of hardware and installing software, and includes an ARM core.

The display (41) displays the analysis results of the field measuring device (40), the HDMI (42) extends the monitor, the SSD (43) stores the packet contents of the field controller (32) acquired through the data receiving unit and provides storage space, the adapter port (44) connects an external power source, the battery (45) supplies direct current power to the field measuring device (40), the first Ethernet (46) captures the network packet data of the field controller (32), the second Ethernet (47) uploads data and analysis results to the analysis server, the first USB (48) provides a user interface, and the second USB (49) connects a keyboard and a mouse.

Figure 3 is a block diagram showing the configuration of the network diagnostic unit of the field measuring device of the present invention.

Referring to FIG. 3, the network diagnostic unit (50) includes a socket (51), packet capture (52), a program (53), internal process communication (54), a user interface (55), a DB file (56), packet analysis (57), and shared memory (58).

The control unit (5) performs a network diagnostic unit (50), and the network diagnostic unit (50) performs packet capture (52) for acquiring data from a field controller (32); packet analysis (57) for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a fault; and a user interface (55) for providing information to a user.

The network diagnostic unit (50) analyzes unknown protocols in packets to provide information to the user, analyzes faults by algorithmizing them, and places codes in the form of scripts externally so that improvements can be made according to the type of fault of the measurement target, rather than embedding the fault algorithm in the binary form of the software of the measuring device.

The socket (51) processes data transmission and reception in an Ethernet-based data channel, the program (53) displays the analysis results of packet analysis (57) and the settings of the user interface (55), the internal process communication (54) supports data communication between the program (53) and the user interface (55), the packet capture (52) captures Ethernet data packets using the socket (51), transfers the captured packets to the packet analysis (57), the packet analysis (57) analyzes the packets to determine whether there is a failure, and stores the determination results in a DB file (56), the DB file (56) provides the analysis results of the packet analysis (57) to the user interface (55), and the shared memory (58) provides memory necessary for the operation of the network diagnostic unit (50).

Figure 4 is a flow chart showing the operation of the non-safe control diagnosis method of the present invention.

Referring to FIG. 4, the non-safe control diagnosis method performs the steps of detecting a port number being used on a network (S101); reading a network environment with Netstat (S102); scanning an IP address (S103); capturing an Ethernet packet (S104); acquiring data (S105); analyzing the acquired data using a programming language (S106); analyzing the acquired data using Wireshark (S107); identifying a protocol and decoding a protocol (S108); executing a packet analysis technique (S109); matching a pattern (S110); parsing a protocol field (S111); filtering a packet (S112); analyzing a flow (S113); and deriving a protocol result.

Port number detection can be done using the console command netstat, a utility program (Advanced-IP-Scanner), and Wireshark. When a port number is detected, data, i.e. packets, must be present for analysis, so the control unit (5) acquires data. In order for the control unit (5) to acquire data, it uses C, C++, Python languages, or uses Wireshark to acquire data. The control unit (5) uses the acquired data to identify protocols and decode protocols, and analyzes the header and data areas of the acquired data. The control unit (5) uses this to analyze the protocol through packet analysis techniques, pattern matching, protocol field parsing, packet filtering, and flow analysis.

Fault detection determined by the control unit (5) through self-diagnosis content is that when a specific part or an abnormality occurs in the control unit (5), a specific value that can be determined as a fault is output to a specific location in the protocol. For example, bit 8 of address 83 is a protocol location that can determine whether a CPU board is mounted, and if it is 0, the CPU board is not mounted, and if it is 1, the CPU board is mounted. If the protocol is analyzed, data coming from within the control unit (5) can be acquired and analyzed.

The control unit (5) detects a fault diagnosis other than self-diagnosis. A fault other than an abnormality of the control unit (5) can be determined by storing a certain amount of specific data to enable fault diagnosis, and a fault diagnosis can be detected by excessive ARP occurrence due to IP conflict, poor connection, etc.

The control unit (5) enables the definition of fault diagnosis rules in the form of VB Script, Python Script or general text, for example, as a fault algorithm in the form of a script, thereby facilitating modification, supplementation and addition of the fault diagnosis algorithm.

The control unit (5) provides basic diagnostic information by the diagnostic tool, including A. CPU operating rights, B. Time Sync Enable, C. Logic execution status, D. IO board status, E. Synchronization Overflow status, F. Logic identical, G. Time synchronization reception status, H. Controller status information reception status, I. Information network main port status, J. Information network backup port status, K. Control network main port status, L. Control network backup port status, M. SRAM status, N. Flash status, O. Synchronization status, P. CPU temperature, Q. CPU usage rate, R. SRAM usage rate, S. Logic usage rate, T. Overflow occurrence count, U. IO mounted, V. IO operation status, W. IO fuse status.

The control unit (5) provides the following as protocol-based information of the failure algorithm: A. Node No. of the receiving controller, IP error check B. Normal Fast transmission cycle error check based on port information of communication data C. Hunting data monitoring function D. Heart beat monitoring function E. Sequence number monitoring function F. AI value invariant monitoring function G. User-defined status monitoring function.

The control unit (5) provides network packet-based information of the failure algorithm, A. Checking the controller connection status with a Ping-based command, B. Checking IP conflicts and poor connection due to ARP occurrence.

The present invention is not limited to the specific preferred embodiments described above, and anyone with ordinary skill in the art to which the invention pertains may make various modifications without departing from the gist of the present invention claimed in the claims, and such modifications are within the scope of the claims.

5: Control Unit
32: Field controller
40: Field measuring device
41: Display
42: HDMI (High-Definition Multimedia Interface)
43: SSD(Solid State Drive)
44: Adapter Port
45: Battery
46: 1st Ethernet
47: Second Ethernet
48: 1st USB (Universal Serial Bus)
49: 2nd USB (Universal Serial Bus)
50: Network Diagnostics
51: Socket
52: Packet Capture
53: Program
54: Inter-process communication
55: User Interface
56: DB file
57: Packet Analysis
58: Shared memory

Claims (6)

Field controller (32), a non-safety system device within the nuclear power plant operation management system (MMIS); and
A non-safe control diagnostic device characterized by including a field measuring device (40) that receives a network packet of the field controller (32) to analyze whether there is a failure of the field controller (32), reports the analysis result to a terminal (6), analyzes the characteristics according to the protocol and communication method of the field controller (32), detects abnormal operation, and performs a preliminary analysis of a protocol that is difficult to analyze and detects whether there is a failure. In the first paragraph,
The above field measuring device (40) includes a display (41), HDMI (42), SSD (43), adapter port (44), battery (45), first Ethernet (46), second Ethernet (47), first USB (48), second USB (49), and a control unit (5).
A non-safe control diagnostic device characterized in that the control unit (5) includes an arm core for controlling the operation of hardware and loading software, the display (41) displays the analysis results of the field measuring device (40), the HDMI (42) extends the monitor, the SSD (43) stores the packet contents of the field controller (32) acquired through the data receiving unit and provides storage space, the adapter port (44) connects an external power source, the battery (45) supplies direct current power to the field measuring device (40), the first Ethernet (46) captures network packet data of the field controller (32), the second Ethernet (47) uploads data and analysis results to an analysis server, the first USB (48) provides a user interface, and the second USB (49) connects a keyboard and a mouse. In the second paragraph,
A non-safe control diagnostic device characterized in that the above control unit (5) performs a network diagnostic unit (50), and the network diagnostic unit (50) performs packet capture (52) for acquiring data of the field controller (32); packet analysis (57) for interpreting a protocol from the collected data; a diagnostic unit for diagnosing and measuring a fault; and a user interface (55) for providing information to the user. In the third paragraph,
The above network diagnostic unit (50) is a non-safe control diagnostic device characterized by analyzing an unknown protocol in a packet and providing information to the user. In the third paragraph,
The above network diagnostic unit (50) is a non-safe control diagnostic device characterized by analyzing a failure by algorithmizing it and positioning the failure algorithm code externally in the form of a script. In the second paragraph,
The above control unit (5) is characterized in that it performs the steps of detecting a port number being used on a network (S101); a step of reading a network environment with Netstat (S102); a step of scanning an IP address (S103); a step of capturing an Ethernet packet (S104); a step of acquiring data (S105); a step of analyzing the acquired data using a programming language (S106); a step of analyzing the acquired data using Wireshark (S107); a step of identifying and decoding a protocol (S108); a step of executing a packet analysis technique (S109); a step of matching a pattern (S110); a step of parsing a protocol field (S111); a step of filtering a packet (S112); a step of analyzing a flow (S113); and a step of deriving a protocol result.

Images