[go: up one dir, main page]

CN116633965A - Industrial control network environment data acquisition system and method - Google Patents

Industrial control network environment data acquisition system and method Download PDF

Info

Publication number
CN116633965A
CN116633965A CN202310484729.XA CN202310484729A CN116633965A CN 116633965 A CN116633965 A CN 116633965A CN 202310484729 A CN202310484729 A CN 202310484729A CN 116633965 A CN116633965 A CN 116633965A
Authority
CN
China
Prior art keywords
acquisition
module
data
collection
deployment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310484729.XA
Other languages
Chinese (zh)
Inventor
王璇
郭金辉
王健
周经鑫
王府
陈伏康
邓勇
韩巧梅
贾伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bozhi Safety Technology Co ltd filed Critical Bozhi Safety Technology Co ltd
Priority to CN202310484729.XA priority Critical patent/CN116633965A/en
Publication of CN116633965A publication Critical patent/CN116633965A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/562Brokering proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses an industrial control network environment data acquisition system and method, wherein the system comprises an acquisition task management module, an acquisition proxy module, a host acquisition module, a flow acquisition module and a protocol acquisition module; the acquisition task management module receives and analyzes the control instruction and the acquisition scheme to form a deployment scheme, and feeds back the acquisition strategy upwards; after deployment is completed, issuing a request for full-source acquisition data; the acquisition agent module receives the deployment proposal, transmits the deployment proposal to the host acquisition module, the flow acquisition module and the protocol acquisition module, and uploads deployment feedback data to the acquisition task management module; and receiving the total source acquisition data request, distributing a request message to the host acquisition module, the flow acquisition module and the protocol acquisition module, and pushing acquisition data reported by the host acquisition module, the flow acquisition module and the protocol acquisition module to the acquisition task management module.

Description

工控网络环境数据采集系统及方法Industrial control network environment data acquisition system and method

技术领域technical field

本申请涉及一种工控网络环境数据采集系统及方法,属于工控网络监测领域。The application relates to an industrial control network environment data collection system and method, belonging to the field of industrial control network monitoring.

背景技术Background technique

目前,针对工控网络资产的采集处理策略大多是将拓扑资产进行全量的、平面化的二维展示,当网络资产节点较多时,所有节点都拥挤地显示在一起,既存在性能问题,也难以维护和管理。At present, most of the collection and processing strategies for industrial control network assets are to display the topological assets in a full and flat two-dimensional manner. When there are many network asset nodes, all nodes are crowded and displayed together, which has performance problems and is difficult to maintain. and management.

发明内容Contents of the invention

根据本申请的一个方面,提供了一种工控网络环境数据采集系统,该系统能够以采集任务的方式进行工控协议业务数据、网络数据和主机节点数据的监控和采集汇总。According to one aspect of the present application, an industrial control network environment data acquisition system is provided. The system can monitor, collect and summarize industrial control protocol business data, network data, and host node data in the form of acquisition tasks.

所述的工控网络环境数据采集系统,包括:采集任务管理模块、采集代理模块、主机采集模块、流量采集模块、规约采集模块;The industrial control network environment data acquisition system includes: an acquisition task management module, an acquisition agent module, a host acquisition module, a traffic acquisition module, and a protocol acquisition module;

所述采集任务管理模块,用于接收并解析控制指令和采集方案,将解析后的采集方案形成部署方案,并将采集策略向上反馈;当部署完成后,下发全源采集数据请求;The acquisition task management module is used to receive and analyze control instructions and acquisition schemes, form a deployment scheme from the analyzed acquisition schemes, and feed back the acquisition strategies upward; when the deployment is completed, issue an all-source acquisition data request;

所述采集代理模块,用于接收所述部署方案,下发至所述主机采集模块、流量采集模块、规约采集模块,向采集任务管理模块上传部署数据;接收所述全源采集数据请求,将请求报文派发至所述主机采集模块、流量采集模块、规约采集模块,将所述主机采集模块、流量采集模块、规约采集模块上报的采集数据推送给所述采集任务管理模块。The collection agent module is used to receive the deployment plan, issue it to the host collection module, traffic collection module, and protocol collection module, and upload deployment data to the collection task management module; receive the all-source collection data request, and send The request message is dispatched to the host acquisition module, traffic acquisition module, and protocol acquisition module, and the acquisition data reported by the host acquisition module, traffic acquisition module, and protocol acquisition module is pushed to the acquisition task management module.

优选地,所述采集任务管理模块提供采集部署方案下发接口,用于向所述采集代理模块下发部署方案;所述采集代理模块提供部署方案接收接口,采用http协议,支持post请求方式,用于接收所述部署方案,下发至所述主机采集模块、流量采集模块、规约采集模块。Preferably, the acquisition task management module provides an interface for issuing a collection and deployment plan, which is used to issue a deployment plan to the collection agent module; the acquisition agent module provides a deployment plan receiving interface, adopts the http protocol, and supports post request mode, It is used to receive the deployment scheme and send it to the host collection module, traffic collection module, and protocol collection module.

优选地,所述采集代理模块还提供环境部署反馈接口,用于将所述主机采集模块、流量采集模块、规约采集模块的部署反馈数据上报至所述采集任务管理模块;所述采集任务管理模块提供环境部署反馈接收接口,用于获取所述部署反馈数据。Preferably, the collection agent module also provides an environment deployment feedback interface for reporting the deployment feedback data of the host collection module, traffic collection module, and protocol collection module to the collection task management module; the collection task management module An environment deployment feedback receiving interface is provided for obtaining the deployment feedback data.

优选地,所述采集代理模块还用于保存汇总的原始数据,在数据清洗、预处理后进行分类存储。Preferably, the collection agent module is also used to save the summarized raw data, and classify and store the data after data cleaning and preprocessing.

优选地,所述采集代理模块还用于提供采集任务控制接口,用于获取所述采集任务管理模块推送的采集任务控制命令。Preferably, the collection agent module is further configured to provide a collection task control interface for obtaining the collection task control command pushed by the collection task management module.

优选地,所述任务控制命令的报文包括采集任务id、任务状态,所述任务状态为启动、暂停或者停止。Preferably, the message of the task control command includes the collection task id and task status, and the task status is start, pause or stop.

优选地,所述采集代理模块提供全源采集数据接收接口,用于在主机采集模块、流量采集模块、规约采集模块接收到所述全源采集数据请求后,获取所述主机采集模块、流量采集模块、规约采集模块上报的采集数据,推送给所述采集任务管理模块。Preferably, the collection agent module provides an all-source collection data receiving interface, which is used to obtain the host collection module, flow collection The collection data reported by the module and the protocol collection module are pushed to the collection task management module.

优选地,所述采集数据的上报类型包括以下至少一种:主机节点数据、网络数据、业务数据。Preferably, the reporting type of the collected data includes at least one of the following: host node data, network data, and service data.

优选地,所述主机节点数据包括工控设备的状态信息。Preferably, the host node data includes status information of industrial control equipment.

优选地,所述网络数据包括以下至少一种:工控网络内的流量、遥控事件。Preferably, the network data includes at least one of the following: traffic in the industrial control network, and remote control events.

优选地,所述业务数据包括工控设备的三遥数据。Preferably, the business data includes three remote data of industrial control equipment.

优选地,所述主机采集模块以服务方式部署在目标主机上。Preferably, the host collection module is deployed on the target host as a service.

优选地,所述流量采集模块以旁路方式部署在流量采集设备上,接入目标环境的汇聚交换机,并在接入端口上配置流量镜像,将目标环境的流量引入所述流量采集模块。目前,流量采集技术是在环境中的各个终端上进行流量抓包,再完成汇集。本申请采用旁路方式完成部署,能够免除在各个终端设备端口上抓包,只需要在核心交换机上做流量镜像,即可采集到所有通过交换机转发的流量。Preferably, the traffic collection module is deployed on the traffic collection device in a bypass mode, connected to the aggregation switch of the target environment, and traffic mirroring is configured on the access port to introduce the traffic of the target environment into the traffic collection module. At present, the traffic collection technology is to capture traffic packets on each terminal in the environment, and then complete the aggregation. This application adopts the bypass method to complete the deployment, which can avoid capturing packets on each terminal device port, and only needs to perform traffic mirroring on the core switch to collect all the traffic forwarded by the switch.

优选地,所述流量采集模块还用于按照采集策略对流量进行筛选过滤,将匹配的流量报文打包封装成restful报文发送给采集代理模块;Preferably, the traffic collection module is also used to filter the traffic according to the collection strategy, and package and encapsulate the matched traffic packets into restful packets and send them to the collection agent module;

优选地,所述筛选的信息至少包括以下一种:设置的源IP、目的IP、端口、报文协议、报文字段。Preferably, the filtered information includes at least one of the following: set source IP, destination IP, port, packet protocol, and packet fields.

优选地,所述规约采集模块以旁路方式部署在规约采集设备上,接入目标PLC设备。现有技术通常是在上游工作站规约数据接收端抓包分析协议数据内容。本申请采用旁路方式,能够从规约数据发送端就获取到最原始的规约数据,而且不用对环境中的数据进行抓包分析。Preferably, the protocol collection module is deployed on the protocol collection device in a bypass manner and connected to the target PLC device. The existing technology is usually to capture packets and analyze the protocol data content at the protocol data receiving end of the upstream workstation. This application adopts a bypass method, which can obtain the most original protocol data from the protocol data sender, and does not need to capture and analyze the data in the environment.

根据本申请的又一个方面,提供了一种基于上述工控网络环境数据采集系统的采集方法,包括:According to another aspect of the present application, a collection method based on the above-mentioned industrial control network environment data collection system is provided, including:

采集任务管理模块接收并解析控制指令和采集方案,将解析后的采集方案形成部署方案,下发给采集代理模块,并将采集策略向上反馈;The collection task management module receives and analyzes the control instructions and the collection plan, forms the deployment plan after the analysis of the collection plan, sends it to the collection agent module, and feeds back the collection strategy;

采集代理模块按照部署方案将采集策略下发至主机采集模块、流量采集模块和规约采集模块,采集部署数据、部署反馈数据;The collection proxy module sends the collection policy to the host collection module, traffic collection module and protocol collection module according to the deployment plan, collects deployment data and deploys feedback data;

部署完成后,采集代理模块接收采集任务管理模块下发的全源采集数据请求,将请求报文派发至主机采集模块、流量采集模块和规约采集模块;After the deployment is completed, the collection agent module receives the all-source collection data request issued by the collection task management module, and distributes the request message to the host collection module, traffic collection module and protocol collection module;

所述主机采集模块、流量采集模块和规约采集模块将采集数据通过采集代理模块反馈至采集任务管理模块。The host acquisition module, traffic acquisition module and protocol acquisition module feed back the acquired data to the acquisition task management module through the acquisition agent module.

优选地,所述采集任务管理模块将解析后的采集方案形成部署方案,下发给采集代理模块包括:Preferably, the collection task management module forms a deployment plan from the parsed collection plan, and sending it to the collection agent module includes:

采集任务管理模块提供部署方案下发接口,向采集代理模块下发环境部署方案,所述采集代理模块提供接收接口,所述接收接口采用http协议,支持post请求方式进行数据下发。The acquisition task management module provides an interface for issuing a deployment plan, and issues an environment deployment plan to the acquisition agent module. The acquisition agent module provides a receiving interface, and the receiving interface adopts the http protocol and supports post request for data delivery.

优选地,所述部署数据的采集时机为:当主机采集模块、流量采集模块和规约采集模块接收到部署方案后。Preferably, the timing for collecting the deployment data is: after the host collection module, flow collection module and protocol collection module receive the deployment scheme.

优选地,所述部署反馈数据的采集时机为:采集代理模块接收到主机采集模块、流量采集模块和规约采集模块发送的部署完成指令,并通知采集任务管理模块部署完成,可以开始采集。采集任务管理模块下发任务启动的控制指令给采集代理模块,由采集代理模块下发给主机采集模块、流量采集模块和规约采集模块,开始采集数据。主机采集模块、流量采集模块和规约采集模块按照采集策略中的采集间隔周期、采集目标IP等策略执行采集,并将采集数据实时上报。待采集任务管理模块下发采集任务停止指令给采集代理模块后,采集代理模块通知主机采集模块、流量采集模块和规约采集模块停止采集上报。Preferably, the collection timing of the deployment feedback data is: the collection agent module receives the deployment completion instruction sent by the host collection module, the flow collection module and the protocol collection module, and notifies the collection task management module that the deployment is completed and the collection can start. The collection task management module sends a task start control command to the collection agent module, and the collection agent module sends it to the host collection module, traffic collection module and protocol collection module to start data collection. The host collection module, traffic collection module and protocol collection module perform collection according to the collection interval period and collection target IP in the collection strategy, and report the collected data in real time. After the collection task management module issues a collection task stop command to the collection agent module, the collection agent module notifies the host collection module, traffic collection module and protocol collection module to stop collection and reporting.

优选地,所述采集部署数据包括以下至少一种:采集任务id、设备id、开始时间。Preferably, the collection and deployment data includes at least one of the following: collection task id, device id, and start time.

优选地,采集任务管理模块提供环境部署反馈接收接口,采集代理模块向采集任务管理模块上报环境部署状态。Preferably, the collection task management module provides an environment deployment feedback receiving interface, and the collection agent module reports the environment deployment status to the collection task management module.

优选地,所述采集部署反馈数据包括以下至少一种:采集任务id、部署进度。Preferably, the collecting deployment feedback data includes at least one of the following: collecting task id and deployment progress.

优选地,所述采集方法还包括:所述采集任务管理模块向所述采集代理模块推送采集任务控制命令;所述主机采集模块、流量采集模块和规约采集模块根据所述任务控制命令完成采集任务。Preferably, the collection method further includes: the collection task management module pushes a collection task control command to the collection proxy module; the host collection module, traffic collection module and protocol collection module complete the collection task according to the task control command .

优选地,在所述采集任务执行过程中,所述采集代理模块上传所述主机采集模块、流量采集模块和规约采集模块的采集数据。Preferably, during the execution of the collection task, the collection agent module uploads the collection data of the host collection module, flow collection module and protocol collection module.

优选地,所述采集代理模块在获取到所述主机采集模块、流量采集模块和规约采集模块的采集数据后,将原始数据汇总存入数据库中。Preferably, after the collection agent module acquires the data collected by the host collection module, flow collection module and protocol collection module, it collects and stores the original data in the database.

优选地,所述采集代理模块对所述原始数据进行数据清洗,将分类存储规整后的数据存入数据库中。Preferably, the collection agent module performs data cleaning on the raw data, and stores the classified and organized data into the database.

优选地,所述采集代理模块提供采集任务控制接口。Preferably, the collection agent module provides a collection task control interface.

优选地,所述采集任务控制命令的报文包括以下至少一种:采集任务id、任务启动命令、任务暂停命令、任务停止命令。Preferably, the packet of the collection task control command includes at least one of the following: a collection task id, a task start command, a task pause command, and a task stop command.

优选地,所述采集方法包括:主机采集模块、流量采集模块和规约采集模块接收到采集代理模块下发的采集请求后,一边采集数据,一边将采集数据通过全源采集数据上报接口上报到采集代理管理模块中的分系统。Preferably, the collection method includes: after the host collection module, the flow collection module and the protocol collection module receive the collection request sent by the collection agent module, they collect the data while reporting the collection data to the collection through the all-source collection data reporting interface A subsystem in the agent management module.

优选地,所述采集数据包括以下至少一种:主机采集模块采集的主机节点数据、流量采集模块采集的网络数据、规约采集模块采集的业务数据。Preferably, the collected data includes at least one of the following: host node data collected by the host collection module, network data collected by the traffic collection module, and service data collected by the protocol collection module.

优选地,所述主机节点数据包括工控设备的状态信息。Preferably, the host node data includes status information of industrial control equipment.

优选地,所述网络数据包括以下至少一种:工控网络内的流量、遥控事件。Preferably, the network data includes at least one of the following: traffic in the industrial control network, and remote control events.

优选地,所述业务数据包括工控设备的三遥数据。Preferably, the business data includes three remote data of industrial control equipment.

本申请能产生的有益效果包括:The beneficial effect that this application can produce comprises:

1)本申请所提供的工控网络环境数据采集系统,根据业务靶标环境中设备、厂商、协议规约、业务通信内容等情况,选择具备协议转换功能的数据集中或者远动装置,采用旁路部署的方式,保证了采集数据回传和业务数据传递的同时性,具有获取目标网络实时数据能力。1) The industrial control network environment data acquisition system provided by this application, according to the equipment, manufacturers, protocol regulations, business communication content, etc. The method ensures the simultaneity of data collection and business data transmission, and has the ability to obtain real-time data of the target network.

2)本申请所提供的工控网络环境数据采集系统,能够按需获取目标网络协议数据和指定目标设备的状态数据,具有灵活配置采集策略的能力。2) The industrial control network environment data acquisition system provided by this application can acquire target network protocol data and status data of designated target devices as needed, and has the ability to flexibly configure acquisition strategies.

3)本申请所提供的工控网络环境数据采集系统,能够按需对采集任务进行启动、暂停和删除,具有采集状态控制能力。3) The industrial control network environment data acquisition system provided by this application can start, suspend and delete the acquisition tasks as needed, and has the ability to control the acquisition status.

4)本申请所提供的工控网络环境数据采集系统,具有灵活可扩展的数据传输接口。通过采用restful协议传输采集数据,对采集的数据字段和类型经过简单的二次开发就能够实现定制和扩展。4) The industrial control network environment data acquisition system provided by this application has a flexible and expandable data transmission interface. By adopting the restful protocol to transmit the collected data, the collected data fields and types can be customized and expanded after simple secondary development.

附图说明Description of drawings

图1为本申请的工控网络环境数据采集系统的结构示意图。FIG. 1 is a schematic structural diagram of the industrial control network environment data acquisition system of the present application.

具体实施方式Detailed ways

下面结合实施例详述本申请,但本申请并不局限于这些实施例。The present application is described in detail below in conjunction with the examples, but the present application is not limited to these examples.

一种工控网络环境数据采集系统,可以但不限于应用在电力工控系统中。该采集系统包括:采集任务管理模块、采集代理模块、主机采集模块、流量采集模块、规约采集模块。An industrial control network environment data acquisition system can be applied to, but not limited to, electric power industrial control systems. The acquisition system includes: an acquisition task management module, an acquisition agent module, a host acquisition module, a traffic acquisition module, and a protocol acquisition module.

所述采集任务管理模块,用于接收并解析控制指令和采集方案,将解析后的采集方案形成部署方案,并将采集策略向上反馈;当部署完成后,下发全源采集数据请求;The acquisition task management module is used to receive and analyze control instructions and acquisition schemes, form a deployment scheme from the analyzed acquisition schemes, and feed back the acquisition strategies upward; when the deployment is completed, issue an all-source acquisition data request;

所述采集代理模块,用于接收所述部署方案,下发至所述主机采集模块、流量采集模块、规约采集模块,向采集任务管理模块反馈部署数据;接收所述全源采集数据请求,将请求报文派发至所述主机采集模块、流量采集模块、规约采集模块,将所述主机采集模块、流量采集模块、规约采集模块上报的采集数据推送给所述采集任务管理模块。The collection agent module is configured to receive the deployment plan, send it to the host collection module, flow collection module, and protocol collection module, and feed back deployment data to the collection task management module; receive the all-source collection data request, and send The request message is dispatched to the host acquisition module, traffic acquisition module, and protocol acquisition module, and the acquisition data reported by the host acquisition module, traffic acquisition module, and protocol acquisition module is pushed to the acquisition task management module.

所述采集代理模块能够实时维护所述主机采集模块、流量采集模块和规约采集模块等组成的分布式集群。The collection agent module can maintain the distributed cluster composed of the host collection module, traffic collection module and protocol collection module in real time.

在一种实施方式中,所述控制指令包括采集任务启动、采集任务停止和采集任务删除。In one embodiment, the control instruction includes starting a collection task, stopping a collection task, and deleting a collection task.

在一种实施方式中,所述采集方案包含采集任务ID、本次采集任务需要采集的设备的UUID信息、采集状态和采集进度。In one embodiment, the collection scheme includes collection task ID, UUID information of the equipment to be collected in this collection task, collection status and collection progress.

在一种实施方式中,采集策略包括采集间隔周期、采集流量的协议类型、采集流量的过滤条件。In an implementation manner, the collection policy includes a collection interval, a protocol type of the collected traffic, and a filter condition of the collected traffic.

在一种实施方式中,所述采集任务管理模块可以编辑。如获取用户调整的所述采集策略。In one embodiment, the collection task management module can be edited. Acquisition policy as described for obtaining user adjustments.

在一种实施方式中,所述采集代理模块,还用于对汇总数据进行原始数据保存,同时依据相关规则,在对所述原始数据预处理后进行分类存储。In one embodiment, the collection agent module is further configured to save the summary data as raw data, and at the same time, according to relevant rules, classify and store the raw data after preprocessing.

在一种实施方式中,所述主机采集模块,用于采集操作员站等设备的状态信息。主机采集模块以服务方式部署在目标主机上,最真实、最快速地获取被采设备的状态,并将采集的结果上报至采集代理模块。In an implementation manner, the host acquisition module is configured to acquire status information of equipment such as an operator station. The host acquisition module is deployed on the target host as a service to obtain the status of the acquired device most realistically and quickly, and report the collected results to the acquisition agent module.

在一种实施方式中,所述流量采集模块,用于采集工控网络内的流量和遥控事件。流量采集模块部署在流量采集设备上,釆用旁路方式,接入目标环境的汇聚交换机。并在接入端口上配置流量镜像,将目标环境的流量引入流量采集模块。流量采集模块按照采集策略设置的参数信息对流量进行筛选过滤,所述参数信息包括源IP、目的IP、端口、报文协议、报文字段中的一个或多个。将匹配的流量报文打包封装成restful报文发送给采集代理模块。In one embodiment, the traffic collection module is used to collect traffic and remote control events in the industrial control network. The traffic collection module is deployed on the traffic collection device, and is connected to the aggregation switch of the target environment in a bypass mode. And configure traffic mirroring on the access port to introduce the traffic of the target environment into the traffic collection module. The traffic collection module filters the traffic according to the parameter information set by the collection policy, and the parameter information includes one or more of source IP, destination IP, port, message protocol, and message field. Pack and encapsulate the matching traffic packets into restful packets and send them to the collection proxy module.

在一种实施方式中,所述规约采集模块,用于从DTU和工控设备SEL上采集一次的遥测、遥信、遥控信息。规约采集模块部署在规约采集设备上,采用旁路方式,接入目标PLC设备。规约采集设备具备以太网口和串口,支持接入网口或者串口的PLC设备。In one embodiment, the protocol collection module is used to collect once telemetry, telesignal and remote control information from the DTU and the industrial control equipment SEL. The protocol acquisition module is deployed on the protocol acquisition device, and is connected to the target PLC device in a bypass mode. The protocol acquisition device has an Ethernet port and a serial port, and supports access to a PLC device with a network port or a serial port.

一种基于上述采集系统的采集方法,包括3个阶段。A collection method based on the above collection system includes 3 stages.

阶段一(采集任务部署阶段):Phase 1 (collection task deployment phase):

采集任务管理模块将解析后的控制命令存入数据库中,将控制命令下发至采集代理模块,The acquisition task management module stores the analyzed control commands in the database, and sends the control commands to the acquisition agent module,

采集代理模块接收下发部署方案,确保命令下发到各项主机采集模块、流量采集模块和规约采集模块,并反馈部署进展。部署完成后,等待采集任务管理模块下发全源采集数据请求。其中,在考虑采集代理的资源利用程度的前提下,采集代理模块还承担着执行采集任务、收集采集结果、下载并组装采集模块、下发采集任务、上报采集结果等相关工作。The collection proxy module receives and sends deployment plans, ensures that commands are sent to various host collection modules, traffic collection modules, and protocol collection modules, and feeds back the deployment progress. After the deployment is complete, wait for the collection task management module to issue an all-source data collection request. Among them, under the premise of considering the resource utilization of the collection agent, the collection agent module also undertakes related tasks such as executing collection tasks, collecting collection results, downloading and assembling collection modules, issuing collection tasks, and reporting collection results.

采集部署阶段涉及部署方案下发接口、环境部署反馈接口。The collection and deployment phase involves the deployment plan delivery interface and the environment deployment feedback interface.

采集任务管理模块通过所述采集部署方案下发接口向采集代理模块下发环境部署方案。采集代理模块提供采集部署方案接收接口,所述接收接口采用http协议,支持post请求方式进行数据下发。采集代理模块采集所述部署方案下发接口,得到部署数据包括采集任务id、设备id和开始时间;当部署方案下发完成后,通过任务启动命令、任务暂停命令、任务停止命令控制采集行为。The collection task management module sends the environment deployment plan to the collection agent module through the collection deployment plan delivery interface. The collection agent module provides a receiving interface for the collection and deployment plan, and the receiving interface adopts the http protocol and supports post request for data delivery. The collection agent module collects the deployment scheme delivery interface, and obtains deployment data including the collection task id, device id and start time; when the deployment scheme is delivered, the collection behavior is controlled by a task start command, a task pause command, and a task stop command.

采集任务管理模块提供环境部署反馈接收接口。采集代理模块向采集任务管理模块上报环境部署状态,也即部署反馈数据。所述部署反馈数据包括采集任务id和部署进度。The acquisition task management module provides an interface for receiving environment deployment feedback. The collection agent module reports the environment deployment status, that is, the deployment feedback data, to the collection task management module. The deployment feedback data includes collection task id and deployment progress.

阶段二(采集任务启动阶段):Phase 2 (collection task startup phase):

采集代理模块接收到全源采集数据请求后,将请求报文派发主机采集模块、流量采集模块和规约采集模块。After the collection proxy module receives the all-source data collection request, it dispatches the request message to the host collection module, flow collection module and protocol collection module.

各项采集模块根据命令启动、暂停、停止数据采集任务,同时反馈任务状态。在采集任务执行过程中,采集代理模块上传采集结果数据。采集代理模块会将汇总的原始数据存入数据库中,同时清洗数据,并按照一定的规则分类存储规整后的数据。Each collection module starts, pauses, and stops data collection tasks according to commands, and feeds back the task status at the same time. During the execution of the acquisition task, the acquisition agent module uploads the acquisition result data. The collection agent module will store the aggregated raw data in the database, clean the data at the same time, and classify and store the regularized data according to certain rules.

采集部署阶段涉及采集任务控制接口,由所述采集代理模块提供。采集任务管理模块向采集代理模块推送采集任务控制命令。所述任务控制命令包括采集启动、暂停、停止等。所述任务控制命令的报文包括采集任务id,任务启动、暂停或者停止等命令。The acquisition and deployment phase involves the acquisition task control interface, which is provided by the acquisition agent module. The collection task management module pushes the collection task control command to the collection agent module. The task control command includes collection start, pause, stop and so on. The message of the task control command includes a collection task id, commands such as task start, pause or stop.

阶段三(采集结果上报阶段):Phase 3 (collection result reporting phase):

主机采集模块、流量采集模块和规约采集模块接收到代理模块下发的采集请求后。一边开始采集主机节点,网络流量和一次设备状态信息,一边开始将采集的信息通过全源采集数据上报接口上报到管理分系统。After the host collection module, traffic collection module and protocol collection module receive the collection request sent by the agent module. While starting to collect host node, network traffic and primary device status information, it starts to report the collected information to the management subsystem through the all-source data collection reporting interface.

采集结果上报阶段涉及全源采集数据上报接口,由采集代理模块提供。采集代理模块向采集任务管理模块推送采集数据,依据上报类型可分为主机节点数据、网络数据(流量、节点等)、业务数据(三遥)等。The collection result reporting stage involves the all-source collection data reporting interface, which is provided by the collection agent module. The collection agent module pushes the collection data to the collection task management module, which can be divided into host node data, network data (traffic, nodes, etc.), business data (three remotes), etc. according to the reporting type.

以上所述,仅是本申请的实施例,并非对本申请做任何形式的限制,虽然本申请以较佳实施例揭示如上,然而并非用以限制本申请,任何熟悉本专业的技术人员,在不脱离本申请技术方案的范围内,利用上述揭示的技术内容做出些许的变动或修饰均等同于等效实施案例,均属于技术方案范围内。The above is only an embodiment of the application, and does not limit the application in any form. Although the application is disclosed as above with a preferred embodiment, it is not used to limit the application. Within the scope of the technical solution of the present application, some changes or modifications made using the technical content disclosed above are equivalent to equivalent implementation cases, and all belong to the scope of the technical solution.

Claims (10)

1. An industrial control network environment data acquisition system, comprising: the system comprises an acquisition task management module, an acquisition proxy module, a host acquisition module, a flow acquisition module and a protocol acquisition module;
the acquisition task management module is used for receiving and analyzing the control instruction and the acquisition scheme, forming a deployment scheme by the analyzed acquisition scheme, and feeding back the acquisition strategy upwards; after deployment is completed, issuing a request for full-source acquisition data;
the acquisition agent module is used for receiving the deployment scheme, transmitting the deployment scheme to the host acquisition module, the flow acquisition module and the protocol acquisition module, and uploading deployment data to the acquisition task management module; and receiving the total source acquisition data request, distributing a request message to the host acquisition module, the flow acquisition module and the protocol acquisition module, and pushing acquisition data reported by the host acquisition module, the flow acquisition module and the protocol acquisition module to the acquisition task management module.
2. The industrial control network environment data acquisition system according to claim 1, wherein the acquisition task management module provides an acquisition deployment scheme issuing interface for issuing a deployment scheme to the acquisition proxy module; the acquisition agent module provides a deployment scheme receiving interface, adopts an http protocol, supports a post request mode, and is used for receiving the deployment scheme and issuing the deployment scheme to the host acquisition module, the flow acquisition module and the protocol acquisition module;
preferably, the collection agent module further provides an environment deployment feedback interface, which is used for reporting deployment feedback data of the host collection module, the flow collection module and the protocol collection module to the collection task management module; the acquisition task management module provides an environment deployment feedback receiving interface for acquiring the deployment feedback data;
preferably, the collecting agent module is further used for storing summarized original data, and classifying and storing the summarized original data after data cleaning and preprocessing;
preferably, the acquisition agent module provides an acquisition task control interface for acquiring an acquisition task control command pushed by the acquisition task management module;
preferably, the message of the task control command includes a task id and a task state, wherein the task state is start, pause or stop;
preferably, the collecting agent module provides a total source collecting data reporting interface, and is used for acquiring collecting data reported by the host collecting module, the flow collecting module and the protocol collecting module after the host collecting module, the flow collecting module and the protocol collecting module receive the total source collecting data request, and pushing the collecting data to the collecting task management module;
preferably, the reporting type of the collected data includes at least one of the following: host node data, network data, service data;
preferably, the host node data includes status information of the industrial control device;
preferably, the network data comprises at least one of: traffic within the industrial control network, remote control events;
preferably, the service data comprises three remote data of the industrial control equipment.
3. The industrial control network environment data collection system of claim 1, wherein the host collection module is deployed on a target host in a service manner.
4. The industrial control network environment data acquisition system according to claim 1, wherein the flow acquisition module is deployed on the flow acquisition device in a bypass manner, is connected to a convergence switch of the target environment, is configured with a flow mirror image on the access port, and introduces the flow of the target environment into the flow acquisition module.
5. The industrial control network environment data acquisition system according to claim 1, wherein the flow acquisition module is further configured to screen and filter flows according to an acquisition policy, package the matched flow packets into a restful packet, and send the restful packet to the acquisition proxy module;
preferably, the screened information at least includes one of the following: the set source IP, destination IP, port, message protocol and message field.
6. The industrial control network environment data acquisition system of claim 1, wherein the protocol acquisition module is deployed on the protocol acquisition device in a bypass manner to access the target PLC device.
7. A method for collecting environmental data based on the industrial control network according to any one of claims 1 to 6, comprising:
the acquisition task management module receives and analyzes the control instruction and the acquisition scheme, forms a deployment scheme by the analyzed acquisition scheme, issues the deployment scheme to the acquisition agent module, and feeds back the acquisition strategy upwards;
the acquisition agent module transmits an acquisition strategy to the host acquisition module, the flow acquisition module and the protocol acquisition module according to a deployment scheme, and acquires deployment data and deployment feedback data;
after deployment is completed, the acquisition agent module receives the full-source acquisition data request issued by the acquisition task management module and distributes the request message to the host acquisition module, the flow acquisition module and the protocol acquisition module;
the host acquisition module, the flow acquisition module and the protocol acquisition module feed back acquisition data to the acquisition task management module through the acquisition agent module.
8. The method according to claim 7, wherein the collecting task management module forms a deployment scenario from the parsed collecting scenario, and issues the deployment scenario to the collecting agent module includes:
the acquisition task management module provides a deployment scheme issuing interface and issues an environment deployment scheme to the acquisition proxy module, the acquisition proxy module provides a receiving interface, and the receiving interface adopts an http protocol to support a post request mode for data issuing;
preferably, the collecting deployment data comprises at least one of: collecting task id, equipment id and starting time;
preferably, the acquisition task management module provides an environment deployment feedback receiving interface, and the acquisition agent module reports an environment deployment state to the acquisition task management module;
preferably, the collecting deployment feedback data includes at least one of: and collecting task ids and deployment progress.
9. The acquisition method according to claim 7, characterized by comprising: the acquisition task management module pushes an acquisition task control command to the acquisition proxy module; the host acquisition module, the flow acquisition module and the protocol acquisition module complete acquisition tasks according to the task control commands;
preferably, in the executing process of the collection task, the collection agent module uploads the collection data of the host collection module, the flow collection module and the protocol collection module;
preferably, the collecting agent module gathers the original data into a database after acquiring the collected data of the host collecting module, the flow collecting module and the protocol collecting module;
preferably, the acquisition agent module performs data cleaning on the original data, and stores the data subjected to classification storage normalization into a database;
preferably, the acquisition agent module provides an acquisition task control interface;
preferably, the message for collecting the task control command includes at least one of the following: acquisition task DD220607I
id. Task start command, task pause command, task stop command.
10. The acquisition method according to claim 7, characterized by comprising: after the host acquisition module, the flow acquisition module and the protocol acquisition module receive the acquisition request issued by the acquisition proxy module, the acquisition data is reported to a subsystem in the acquisition proxy management module through a full-source acquisition data reporting interface while the data is acquired;
preferably, the acquired data comprises at least one of: host node data collected by the host collecting module, network data collected by the flow collecting module and service data collected by the protocol collecting module;
preferably, the host node data includes status information of the industrial control device;
preferably, the network data comprises at least one of: traffic within the industrial control network, remote control events;
preferably, the service data comprises three remote data of the industrial control equipment.
CN202310484729.XA 2023-04-28 2023-04-28 Industrial control network environment data acquisition system and method Pending CN116633965A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310484729.XA CN116633965A (en) 2023-04-28 2023-04-28 Industrial control network environment data acquisition system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310484729.XA CN116633965A (en) 2023-04-28 2023-04-28 Industrial control network environment data acquisition system and method

Publications (1)

Publication Number Publication Date
CN116633965A true CN116633965A (en) 2023-08-22

Family

ID=87590397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310484729.XA Pending CN116633965A (en) 2023-04-28 2023-04-28 Industrial control network environment data acquisition system and method

Country Status (1)

Country Link
CN (1) CN116633965A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020194323A1 (en) * 2001-06-06 2002-12-19 Alcatel Method for deploying a service and a method for configuring a network element in a communication network
CN101515863A (en) * 2008-02-22 2009-08-26 中国移动通信集团公司 Network data acquiring method, acquisition machine and acquisition system
CN105720689A (en) * 2016-03-22 2016-06-29 广州供电局有限公司 Power telecontrol protocol combination method and power telecontrol protocol combiner
CN113965623A (en) * 2021-09-24 2022-01-21 中国人民解放军63880部队 Industrial control network data acquisition system based on mobile agent

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020194323A1 (en) * 2001-06-06 2002-12-19 Alcatel Method for deploying a service and a method for configuring a network element in a communication network
CN101515863A (en) * 2008-02-22 2009-08-26 中国移动通信集团公司 Network data acquiring method, acquisition machine and acquisition system
CN105720689A (en) * 2016-03-22 2016-06-29 广州供电局有限公司 Power telecontrol protocol combination method and power telecontrol protocol combiner
CN113965623A (en) * 2021-09-24 2022-01-21 中国人民解放军63880部队 Industrial control network data acquisition system based on mobile agent

Similar Documents

Publication Publication Date Title
CN114338281B (en) Model distribution application design method and system based on edge computing gateway
CN103166933B (en) A kind of data security switching system and method
CN102238023B (en) Method and device for generating warning data of network management system
CN109889551A (en) A kind of method of the Internet of Things cloud platform of Intelligent hardware access
US11914495B1 (en) Evaluating machine and process performance in distributed system
CN108365985A (en) A kind of cluster management method, device, terminal device and storage medium
CN104410662A (en) Parallel mass data transmitting middleware of Internet of things and working method thereof
CN103795803B (en) A kind of method of across a network environment remote deployment distributed data acquisition node
CN101977128B (en) Interface detection method and device for communication equipment
WO2011060642A1 (en) Automatic test system for distributed comprehensive service and method thereof
WO2012088905A1 (en) Polling sub-system and polling method for communication network system and communication apparatus
CN109379217B (en) A kind of different producer's arranging service device of Metropolitan Area Network (MAN)
CN115865680A (en) Method, system and device for distributed equipment access, control and data transmission
CN106412061A (en) Linux-based log folder remote transmission system
CN108400993A (en) The Internet of things system and storage medium that intelligent industrial apparatus components formula is set up
CN110995859A (en) Intelligent transformer substation supporting platform system based on ubiquitous Internet of things
CN103248512A (en) Method and system for generating topological structure of application layer in communication network
CN104699736A (en) Distributed massive data acquisition system and method based on mobile devices
CN101515863B (en) A network data acquisition method, acquisition machine and acquisition system
CN109493251A (en) A kind of electric power wireless public network monitoring system
CN112422663A (en) Industrial Internet of Things data centralization system and data aggregation, processing and storage methods
CN108107292B (en) Service data monitoring system and method of electric energy quality on-line monitoring system
CN110398985B (en) Distributed self-adaptive unmanned aerial vehicle measurement and control system and method
CN110326548A (en) A kind of method of live pig detection system and number statistical, detection
CN116633965A (en) Industrial control network environment data acquisition system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination