CN116684124A - Data acquisition and transmission method and system - Google Patents
- Publication number: CN116684124A (application CN202310554419.0A)
- Authority: CN (China)
- Prior art keywords: data, DCS system, full, log data, analysis platform
- Prior art date
- Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
Description
Technical field
The invention relates to the technical field of data acquisition, and in particular to a data acquisition and transmission method and a data acquisition and transmission system.
Background
The security zones of a power plant are divided into the control zone (production security zone I), the non-control zone (security zone II) and the management information zone. The DCS (distributed control system) is located mainly in the control zone, i.e. production security zone I: the production control instructions and the other DCS data all reside in zone I, which is a relatively independent local-area-network environment. Zone I exchanges data with zone II only through one-way isolation and is not directly connected to the Internet, so data from zone I must be exported separately to the plant-level analysis platform before that platform can be built at all. Zone II mainly hosts the SIS (plant-level supervisory information system), which collects and processes data and shares real-time production information with the management side; the management information zone combines production data with enterprise office data.

When building a smart power plant, traditional log collection and traffic collection use two sets of independent collection devices, each feeding its own analysis platform, and those analysis platforms then send data out of production security zone I to the plant-level analysis platform to complete the overall construction of the smart-plant situational-awareness platform. This scheme adds to the burden of the network structure outside the DCS network and, at the same time, opens more network entry and exit points into production security zone I, introducing network security risk points that are detrimental to the network security management of zone I.

Figure 1 is a network structure diagram of traditional log collection and traffic collection provided by this application. As shown in Figure 1, the traditional log collection and traffic collection devices are independent of each other, their analysis platforms are relatively independent, and aggregation to the plant-level analysis platform outside zone I requires a separate outbound link for each. This not only delays engineer maintenance and threat response, but also increases the number of external connection risk points of the otherwise isolated zone I.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a data acquisition and transmission method and system, so as to at least solve the problem that the prior art increases the burden on the network structure outside the DCS network and at the same time brings more network entry and exit points to production security zone I, introducing network security risk points that are detrimental to the network security management of zone I.
To achieve the above object, a first aspect of the present invention provides a data acquisition and transmission method, including:
establishing a communication connection between an intelligent collector and the DCS system;
collecting the log data and full-traffic data of the DCS system through the intelligent collector;
aggregating the log data and full-traffic data and sending them to a plant-level analysis platform located outside the local area network to which the DCS system belongs;
analyzing the log data and full-traffic data on the plant-level analysis platform to obtain a first analysis result.
Optionally, the DCS system includes a switch, and collecting the full-traffic data of the DCS system through the intelligent collector includes:
receiving, by the intelligent collector, the full-traffic data transmitted from the mirror port of the switch.
Optionally, collecting the log data of the DCS system through the intelligent collector includes:
the intelligent collector receiving, in Syslog form, the log data collected by the device agents of the devices deployed in the DCS system.
Optionally, aggregating the log data and full-traffic data and sending them to the plant-level analysis platform located outside the local area network to which the DCS system belongs includes:
compressing the full-traffic data and then sending it to the plant-level analysis platform;
sending the log data to the plant-level analysis platform in Syslog form.
Optionally, analyzing the log data and full-traffic data on the plant-level analysis platform to obtain the first analysis result includes:
mining network features from the log data and full-traffic data;
performing correlation analysis based on the network features and preset whitelist rules, combined with a preset threat library, to determine whether abnormal data traffic exists;
if abnormal data traffic exists, generating alarm information according to the abnormal data traffic;
identifying, according to the alarm information, the asset that emitted the abnormal data traffic;
performing traceability analysis based on the asset that emitted the abnormal data traffic to obtain the first analysis result, where the first analysis result indicates whether abnormal data exists and the cause of the abnormal data.
Optionally, the data acquisition and transmission method further includes:
visually displaying the log data on the plant-level analysis platform.
Optionally, the intelligent collector is communicatively connected to an in-LAN analysis platform, and the method further includes:
the intelligent collector sending the log data and full-traffic data to the in-LAN analysis platform;
analyzing the log data and full-traffic data on the in-LAN analysis platform to obtain a second analysis result.
A second aspect of the present invention provides a data acquisition and transmission system, including:
a connection establishment module, configured to establish the communication connection between the intelligent collector and the DCS system;
a data acquisition module, configured to collect the log data and full-traffic data of the DCS system through the intelligent collector;
a data transmission module, configured to aggregate the log data and full-traffic data and send them to the plant-level analysis platform located outside the local area network to which the DCS system belongs;
a data analysis module, configured to analyze the log data and full-traffic data on the plant-level analysis platform to obtain the first analysis result.
A third aspect of the present invention provides a machine-readable storage medium storing instructions which, when executed by a processor, configure the processor to perform the above data acquisition and transmission method.
A fourth aspect of the present invention provides an electronic device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the above data acquisition and transmission method when executing the computer program.
Through the above technical solution, the data acquisition and transmission method and system carry out the collection of DCS full-traffic data and of DCS device log data through the intelligent collector alone. This reduces the burden on the network structure outside the DCS network, reduces the complexity of the DCS information security network, and tightly integrates the threat alarms and device status information inside the DCS network. Data is exported via the intelligent collector to the plant-level analysis platform located outside the local area network of the DCS system, i.e. outside production security zone I, providing accurate data support for building the network security environment of zone I. While completing the intelligent construction, this improves the response efficiency of engineers, lowers maintenance costs, and effectively reduces the number of network entry and exit points of zone I, thereby reducing its network security risk points and benefiting its network security management.
Other features and advantages of the embodiments of the invention are described in detail in the detailed description that follows.
Description of the drawings
The accompanying drawings provide a further understanding of the embodiments of the present invention and constitute a part of the description; together with the following detailed description they serve to explain the embodiments, but do not limit them. In the drawings:
Figure 1 is a network structure diagram of traditional log collection and traffic collection provided by this application;
Figure 2 is a flow chart of a data acquisition and transmission method provided by an embodiment of the present invention;
Figure 3 is a network structure diagram of log and traffic collection by the intelligent collector provided by an embodiment of the present invention;
Figure 4 is a structural block diagram of a data acquisition and transmission system provided by an embodiment of the present invention;
Figure 5 is a schematic structural diagram of an electronic device provided by a preferred embodiment of the present invention.
Reference signs
10 - electronic device, 100 - processor, 101 - memory, 102 - computer program.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here are only used to illustrate and explain the invention and are not intended to limit it.
Refer to Figures 2 and 3. Figure 2 is a flow chart of a data acquisition and transmission method provided by an embodiment of the present invention, and Figure 3 is a network structure diagram of log and traffic collection by the intelligent collector provided by an embodiment of the present invention. The embodiment provides a data acquisition and transmission method, including:
S110: establishing a communication connection between the intelligent collector and the DCS system.
Specifically, the intelligent collector is connected into the DCS system, so that the communication connection between the intelligent collector and the DCS system is established.
S120: collecting the log data and full-traffic data of the DCS system through the intelligent collector.
S130: aggregating the log data and full-traffic data and sending them to the plant-level analysis platform located outside the local area network to which the DCS system belongs.
Here, the local area network to which the DCS system belongs is production security zone I.
Specifically, the intelligent collector receives the full-traffic data and log data, completes the aggregation of the information of zone I, and forwards it to the plant-level analysis platform outside zone I for analysis, providing accurate data support for building the network security environment of zone I. Because, as described in the background, zone I only exchanges data with zone II through one-way isolation, this export is push-only: the collector sends and the plant-level platform cannot ask for a retransmission, so the collector is the single outbound point. This avoids the problem in the prior art that, because full-traffic forwarding could not be achieved and only analysis results could be forwarded by the in-LAN analysis platform, the plant-level analysis platform held incomplete data, could only display already-analyzed results, and could not trace network threats back to their source.
S140: analyzing the log data and full-traffic data on the plant-level analysis platform to obtain the first analysis result.
Specifically, because the collection of DCS full-traffic data and of DCS device log data is carried out by the intelligent collector alone, the burden on the network structure outside the DCS network and the complexity of the DCS information security network are reduced, the threat alarms and device status information inside the DCS network are tightly integrated, and the data exported via the collector to the plant-level analysis platform outside zone I provides accurate data support for building the zone I network security environment. While completing the intelligent construction, this improves the response efficiency of engineers, lowers maintenance costs, and effectively reduces the network entry and exit points of zone I, thereby reducing its network security risk points and benefiting its network security management.
It should be noted that the above plant-level analysis platform can receive data from production security zone I, security zone II and the management information zone at the same time.
Optionally, the DCS system includes a switch, and collecting the full-traffic data of the DCS system through the intelligent collector includes:
receiving, by the intelligent collector, the full-traffic data transmitted from the mirror port of the switch. This completes the full-traffic data collection of the DCS system. The "mirrored data" in Figure 3 is the full-traffic data transmitted from the switch mirror port. In practice the mirror port only copies frames towards the collector; the interface on which the collector receives them should carry no address and transmit nothing, so that the collector itself does not become a new entry point into zone I, which is exactly what the scheme sets out to avoid.
Optionally, collecting the log data of the DCS system through the intelligent collector includes:
the intelligent collector receiving, in Syslog form, the log data collected by the device agents of the devices deployed in the DCS system.
Specifically, every device deployed in the DCS system is provided with a device agent, which may be a software or hardware entity and is mainly used to periodically collect the log data of its device. The agent transmits the collected log data to the intelligent collector in Syslog form, so that log data collection is carried out through the intelligent collector.
By way of example, the log data may include device alarm information and device resource usage.
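The listening side of that agent feed, as an added example that is not part of the patent: the collector receives the agents' Syslog datagrams, validates and normalises each line, and sorts it into the two categories the text names (device alarm information and device resource usage). The patent says only that the agents send "Syslog"; the RFC 3164 line layout, the `key=value` resource fields, the hostnames and the sample lines below are constructed assumptions for this example.

```python
import re
import socket
from typing import Iterable, Iterator

# Assumed line shape: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message" (RFC 3164).
# The patent only states that agents send "Syslog"; the tag/message layout,
# the key=value resource fields and the hostnames are constructed for this example.
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>[^\s:]+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
_SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
MAX_MSG_LEN = 1024  # RFC 3164 upper bound; longer datagrams are truncated here


def parse_kv(message: str) -> dict:
    """Extract key=value tokens (e.g. resource usage 'cpu=87 mem=61') from a message."""
    fields = {}
    for token in message.split():
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = int(value) if value.isdigit() else value
    return fields


def parse_syslog(line: str) -> dict:
    """Parse one RFC 3164 line into a normalised event dict.

    Raises ValueError for anything that does not match, so the caller can
    count and drop malformed input instead of passing it to the analysis stage.
    """
    line = line.rstrip("\r\n")[:MAX_MSG_LEN]
    m = _RFC3164.match(line)
    if m is None:
        raise ValueError(f"not RFC 3164 syslog: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # facility 0..23 and severity 0..7, so PRI <= 23*8+7
        raise ValueError(f"PRI out of range: {pri}")
    facility, sev = divmod(pri, 8)
    return {
        "facility": facility,
        "severity": _SEVERITIES[sev],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
        "fields": parse_kv(m["msg"]),
    }


def classify(event: dict) -> str:
    """Sort an event into the two log categories the patent names:
    device alarm information versus device resource usage."""
    if event["severity"] in ("emerg", "alert", "crit", "err") or event["message"].startswith("alarm"):
        return "device_alarm"
    if any(k in event["fields"] for k in ("cpu", "mem", "disk")):
        return "resource_usage"
    return "other"


def ingest(lines: Iterable[str]) -> tuple:
    """Parse a batch of lines into (events, dropped_count)."""
    events, dropped = [], 0
    for line in lines:
        try:
            event = parse_syslog(line)
        except ValueError:
            dropped += 1
            continue
        event["category"] = classify(event)
        events.append(event)
    return events, dropped


def receive_udp(bind_addr: str = "0.0.0.0", port: int = 514, limit: int = 100) -> Iterator[str]:
    """Listening side of the collector: yield up to `limit` datagrams from UDP/514.
    Bind this to the collector's zone I management address only, never to the mirror interface."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        for _ in range(limit):
            data, _peer = sock.recvfrom(2048)
            yield data.decode("utf-8", errors="replace")


# Constructed sample lines: a resource-usage report, a device alarm, and junk.
SAMPLE_LINES = [
    "<13>May 23 10:15:01 dcs-opstation-01 agent: cpu=87 mem=61 disk=40",
    "<9>May 23 10:15:03 dcs-ctrl-03 agent[412]: alarm code=E102 module=IO-7 state=FAIL",
    "garbage line with no PRI",
]

if __name__ == "__main__":
    for ev in ingest(SAMPLE_LINES)[0]:
        print(ev["host"], ev["category"], ev["fields"])
```

Malformed lines are counted and dropped rather than forwarded, because the plant-level platform downstream has no way to ask the agent for a resend across the one-way boundary; a rising drop counter is itself worth alarming on.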
Optionally, aggregating the log data and full-traffic data and sending them to the plant-level analysis platform located outside the local area network to which the DCS system belongs includes:
compressing the full-traffic data and then sending it to the plant-level analysis platform;
sending the log data to the plant-level analysis platform in Syslog form.
Specifically, the intelligent collector collects the full-traffic data inside the DCS network, compresses it and forwards it to the plant-level analysis platform, which parses the full-traffic data; at the same time the collected log data is forwarded to the plant-level analysis platform in Syslog form, and the plant-level analysis platform performs device log analysis and displays resource usage and other content.
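The compress-and-forward step for the full-traffic data, as an added example that is not part of the patent. The patent says only that the traffic is compressed before it leaves zone I; the frame layout (magic, sequence number, lengths, SHA-256 of the raw chunk, gzip payload) and the minimal pcap sample are constructed for this example. The sequence number matters because the link out of zone I is one-way: the receiving platform cannot request a resend, so a gap in the numbers is its only evidence that a chunk was lost.

```python
import gzip
import hashlib
import struct
import zlib

# Frame layout (assumed for this example): magic, sequence number, raw length,
# compressed length, SHA-256 of the raw chunk, then the gzip payload.
MAGIC = b"FTX1"
HEADER = struct.Struct("!4sQII32s")


def frame_chunk(seq: int, raw: bytes) -> bytes:
    """Compress one captured-traffic chunk and wrap it in a self-describing frame."""
    comp = gzip.compress(raw, compresslevel=6, mtime=0)
    digest = hashlib.sha256(raw).digest()
    return HEADER.pack(MAGIC, seq, len(raw), len(comp), digest) + comp


def unframe_stream(blob: bytes, start_seq: int = 0) -> tuple:
    """Receiver side: split a concatenation of frames back into (seq, raw) chunks.

    Returns (chunks, missing_seqs). A gap in the sequence numbers is the only way
    the one-way receiver can notice lost chunks; a frame that fails its length
    or digest check raises ValueError instead of being passed on as traffic.
    """
    chunks, missing = [], []
    expected, pos = start_seq, 0
    while pos < len(blob):
        if len(blob) - pos < HEADER.size:
            raise ValueError("truncated header")
        magic, seq, raw_len, comp_len, digest = HEADER.unpack_from(blob, pos)
        if magic != MAGIC:
            raise ValueError("bad magic")
        pos += HEADER.size
        comp = blob[pos:pos + comp_len]
        if len(comp) != comp_len:
            raise ValueError("truncated payload")
        pos += comp_len
        try:
            raw = gzip.decompress(comp)
        except (OSError, EOFError, zlib.error) as exc:  # gzip.BadGzipFile is an OSError
            raise ValueError(f"undecodable payload in seq {seq}: {exc}") from exc
        if len(raw) != raw_len or hashlib.sha256(raw).digest() != digest:
            raise ValueError(f"integrity check failed for seq {seq}")
        if seq < expected:  # replayed or duplicated frame: drop it
            continue
        if seq > expected:
            missing.extend(range(expected, seq))
        expected = seq + 1
        chunks.append((seq, raw))
    return chunks, missing


def verify_stream(blob: bytes) -> bool:
    """True if every frame in `blob` decodes and passes its integrity check."""
    try:
        unframe_stream(blob)
    except ValueError:
        return False
    return True


def sample_pcap() -> bytes:
    """Constructed minimal pcap: global header plus one 60-byte all-zero Ethernet frame."""
    global_header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packet = bytes(60)
    record = struct.pack("<IIII", 1700000000, 0, len(packet), len(packet))
    return global_header + record + packet


if __name__ == "__main__":
    stream = frame_chunk(0, sample_pcap()) + frame_chunk(2, sample_pcap())
    chunks, missing = unframe_stream(stream)
    print(len(chunks), "chunks received, missing sequence numbers:", missing)
```

The digest covers the raw capture, not the compressed bytes, so the platform checks the data it will actually parse; whether to also authenticate frames (for example with an HMAC keyed on the collector side) is a deployment decision the patent does not address.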
Optionally, analyzing the log data and full-traffic data on the plant-level analysis platform to obtain the first analysis result includes:
mining network features from the log data and full-traffic data;
performing correlation analysis based on the network features and preset whitelist rules, combined with a preset threat library, to determine whether abnormal data traffic exists;
if abnormal data traffic exists, generating alarm information according to the abnormal data traffic;
identifying, according to the alarm information, the asset that emitted the abnormal data traffic;
performing traceability analysis based on the asset that emitted the abnormal data traffic to obtain the first analysis result, where the first analysis result indicates whether abnormal data exists and the cause of the abnormal data.
Specifically, fine-grained network features are mined from the log data and full-traffic data; the whitelist rules are either configured manually in advance or derived from the mined network features; a multi-dimensional correlation analysis is then performed against the preset threat library to determine whether the aggregated log data and full-traffic data exhibit risk features. If abnormal data traffic appears, an abnormal-data alarm is raised and alarm information is generated; the alarm information is used to identify the asset that emitted the abnormal traffic; traceability analysis and evidence collection are then performed on that asset to determine whether abnormal data really exists and what the specific abnormality is, and it is handled accordingly.
For example, once the cause of the abnormality has been investigated it is handled according to the specific problem: if it was caused by a faulty machine, the machine is replaced; if it was caused by a person, the person responsible may need to be dealt with.
In some implementations of this embodiment, a deep learning algorithm may be used to process the log data and full-traffic data in order to mine the fine-grained network features.
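The correlation stage just described, as an added example that is not part of the patent: flow records derived from the mirrored traffic and normalised agent log events are checked against whitelist rules and a threat library, each hit becomes an alarm naming the emitting asset, and the asset is then traced by gathering every flow and log event that touched it inside a time window. The asset inventory, whitelist, threat indicators, addresses and sample records below are all constructed for this example; the patent does not specify any of them.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One flow record derived from the mirrored traffic (5-tuple plus size)."""
    ts: int
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


@dataclass(frozen=True)
class LogEvent:
    """One normalised Syslog event from a device agent."""
    ts: int
    host: str
    severity: str
    message: str


# Constructed zone I asset inventory: IP -> (hostname, role).
ASSETS = {
    "10.10.1.11": ("dcs-opstation-01", "operator_station"),
    "10.10.1.50": ("dcs-eng-01", "engineering_station"),
    "10.10.1.21": ("dcs-ctrl-03", "controller"),
}
HOST_TO_IP = {name: ip for ip, (name, _role) in ASSETS.items()}

# Constructed whitelist rules: (src_role, dst_role, proto, dport) tuples that are allowed.
WHITELIST = {
    ("operator_station", "controller", "tcp", 502),
    ("engineering_station", "controller", "tcp", 502),
    ("engineering_station", "controller", "tcp", 44818),
}

# Constructed threat library: known-bad addresses and log markers to correlate against.
THREAT_IPS = {"198.51.100.23"}
THREAT_LOG_MARKERS = ("firmware write", "config download")


def _role(ip: str) -> Optional[str]:
    return ASSETS.get(ip, (None, None))[1]


def check_flow(flow: Flow) -> Optional[str]:
    """Alarm reason for a flow, or None when the flow is covered by the whitelist."""
    if flow.src in THREAT_IPS or flow.dst in THREAT_IPS:
        return "threat_library_match"
    if flow.src not in ASSETS:
        return "unknown_source_asset"
    if (_role(flow.src), _role(flow.dst), flow.proto, flow.dport) not in WHITELIST:
        return "not_whitelisted"
    return None


def check_log(event: LogEvent) -> Optional[str]:
    """Alarm reason for a log event, or None."""
    if any(marker in event.message for marker in THREAT_LOG_MARKERS):
        return "threat_library_match"
    if event.severity in ("emerg", "alert", "crit"):
        return "device_alarm"
    return None


def analyze(flows: List[Flow], logs: List[LogEvent], window: int = 60) -> List[dict]:
    """Correlate flows and logs into alarms; each names the emitting asset and
    carries a trace of everything that touched that asset within `window` seconds."""
    alarms = []
    for flow in flows:
        reason = check_flow(flow)
        if reason:
            alarms.append({"ts": flow.ts, "asset": ASSETS.get(flow.src, (flow.src, None))[0],
                           "asset_ip": flow.src, "reason": reason, "evidence": flow})
    for event in logs:
        reason = check_log(event)
        if reason:
            alarms.append({"ts": event.ts, "asset": event.host, "asset_ip": HOST_TO_IP.get(event.host),
                           "reason": reason, "evidence": event})
    for alarm in alarms:  # traceability: related evidence for the same asset
        ip, name, t0 = alarm["asset_ip"], alarm["asset"], alarm["ts"]
        related = [f for f in flows
                   if ip in (f.src, f.dst) and abs(f.ts - t0) <= window and f is not alarm["evidence"]]
        related += [e for e in logs
                    if e.host == name and abs(e.ts - t0) <= window and e is not alarm["evidence"]]
        alarm["trace"] = sorted(related, key=lambda item: item.ts)
    return sorted(alarms, key=lambda a: a["ts"])


# Constructed sample input: two whitelisted flows, an SSH attempt to a controller,
# an upload to a known-bad host, traffic from an unlisted device, and three agent events.
SAMPLE_FLOWS = [
    Flow(100, "10.10.1.11", "10.10.1.21", "tcp", 502, 1200),
    Flow(105, "10.10.1.50", "10.10.1.21", "tcp", 44818, 300),
    Flow(120, "10.10.1.11", "10.10.1.21", "tcp", 22, 9000),
    Flow(125, "10.10.1.11", "198.51.100.23", "tcp", 443, 500000),
    Flow(130, "10.10.9.77", "10.10.1.21", "tcp", 502, 100),
]
SAMPLE_LOGS = [
    LogEvent(100, "dcs-opstation-01", "notice", "cpu=87 mem=61 disk=40"),
    LogEvent(118, "dcs-ctrl-03", "alert", "alarm code=E102 module=IO-7 state=FAIL"),
    LogEvent(121, "dcs-ctrl-03", "info", "firmware write requested by 10.10.1.11"),
]

if __name__ == "__main__":
    for alarm in analyze(SAMPLE_FLOWS, SAMPLE_LOGS):
        print(alarm["ts"], alarm["asset"], alarm["reason"], len(alarm["trace"]), "related events")
```

Running the block on the sample shows the point of keeping the full traffic rather than only analysis results: the controller's alarm at t=118 is surrounded in its trace by the operator station's SSH flow and the firmware-write log line, which is the evidence the traceability step needs and which a results-only export would have discarded.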
Optionally, the data acquisition and transmission method further includes:
visually displaying the log data on the plant-level analysis platform.
Optionally, the intelligent collector is communicatively connected to an in-LAN analysis platform, and the method further includes:
the intelligent collector sending the log data and full-traffic data to the in-LAN analysis platform;
analyzing the log data and full-traffic data on the in-LAN analysis platform to obtain a second analysis result.
Specifically, an in-LAN analysis platform is set up inside the local area network to which the DCS system belongs; the intelligent collector sends the log data and full-traffic data to it for analysis, so that the data analysis results of the DCS system can be displayed separately on the in-LAN analysis platform.
Figure 4 is a structural block diagram of a data acquisition and transmission system provided by an embodiment of the present invention. As shown in Figure 4, the embodiment provides a data acquisition and transmission system, including:
a connection establishment module, configured to establish the communication connection between the intelligent collector and the DCS system;
a data acquisition module, configured to collect the log data and full-traffic data of the DCS system through the intelligent collector;
a data transmission module, configured to aggregate the log data and full-traffic data and send them to the plant-level analysis platform located outside the local area network to which the DCS system belongs;
a data analysis module, configured to analyze the log data and full-traffic data on the plant-level analysis platform to obtain the first analysis result.
Specifically, because the system carries out the collection of DCS full-traffic data and of DCS device log data through the intelligent collector alone, the burden on the network structure outside the DCS network and the complexity of the DCS information security network are reduced, the threat alarms and device status information inside the DCS network are tightly integrated, and the data exported via the collector to the plant-level analysis platform outside zone I provides accurate data support for building the zone I network security environment. While completing the intelligent construction, this improves the response efficiency of engineers, lowers maintenance costs, and effectively reduces the network entry and exit points of zone I, thereby reducing its network security risk points and benefiting its network security management.
An embodiment of the present invention provides a machine-readable storage medium storing instructions which, when executed by a processor, configure the processor to perform the above data acquisition and transmission method.
Machine-readable storage media include persistent and non-persistent, removable and non-removable media implemented by any method or technology for storing information. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), other types of random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
An embodiment of the present invention provides an electronic device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the above data acquisition and transmission method when executing the computer program.
Figure 5 is a schematic diagram of an electronic device provided by an embodiment of the present invention. As shown in Figure 5, the electronic device 10 of this embodiment includes a processor 100, a memory 101, and a computer program 102 stored in the memory 101 and executable on the processor 100. When the processor 100 executes the computer program 102, the steps of the above method embodiment are implemented; alternatively, when the processor 100 executes the computer program 102, the functions of the modules/units of the above apparatus embodiment are implemented.
By way of example, the computer program 102 may be divided into one or more modules/units, which are stored in the memory 101 and executed by the processor 100 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program 102 in the electronic device 10. For example, the computer program 102 may be divided into a connection establishment module, a data acquisition module, a data transmission module and a data analysis module.
The electronic device 10 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The electronic device 10 may include, but is not limited to, the processor 100 and the memory 101. Those skilled in the art will understand that Figure 5 is only an example of the electronic device 10 and does not limit it; it may include more or fewer components than shown, combine certain components, or have different components. For example, the electronic device may further include input/output devices, network access devices, a bus, and so on.
The processor 100 may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
存储器101可以是电子设备10的内部存储单元,例如电子设备10的硬盘或内存。存储器101也可以是电子设备10的外部存储设备,例如电子设备10上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器101还可以既包括电子设备10的内部存储单元也包括外部存储设备。存储器101用于存储计算机程序以及电子设备10所需的其他程序和数据。存储器101还可以用于暂时地存储已经输出或者将要输出的数据。The storage 101 may be an internal storage unit of the electronic device 10 , such as a hard disk or a memory of the electronic device 10 . The memory 101 can also be an external storage device of the electronic device 10, such as a plug-in hard disk equipped on the electronic device 10, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash memory card (Flash Card) and so on. Further, the memory 101 may also include both an internal storage unit of the electronic device 10 and an external storage device. The memory 101 is used to store computer programs and other programs and data required by the electronic device 10 . The memory 101 can also be used to temporarily store data that has been output or will be output.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of description, only the division of the above-mentioned functional units and modules is used for illustration. In practical applications, the above-mentioned functions can be assigned to different functional units, Completion of modules means that the internal structure of the device is divided into different functional units or modules to complete all or part of the functions described above. Each functional unit and module in the embodiment may be integrated into one processing unit, or each unit may exist separately physically, or two or more units may be integrated into one unit, and the above-mentioned integrated units may adopt hardware It can also be implemented in the form of software functional units. In addition, the specific names of the functional units and modules are only for the convenience of distinguishing each other, and are not used to limit the protection scope of the present application. For the specific working processes of the units and modules in the above system, reference may be made to the corresponding processes in the aforementioned method embodiments, and details will not be repeated here.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes Other elements not expressly listed, or elements inherent in the process, method, commodity, or apparatus are also included. Without further limitations, an element defined by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article, or apparatus that includes the element.
以上仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The above are only examples of the present application, and are not intended to limit the present application. For those skilled in the art, various modifications and changes may occur in this application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application shall be included within the scope of the claims of the present application.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310554419.0A CN116684124A (en) | 2023-05-16 | 2023-05-16 | Data acquisition and transmission method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116684124A true CN116684124A (en) | 2023-09-01 |
Family
ID=87786340
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116684124A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118584882A (en) * | 2024-08-02 | 2024-09-03 | 朗坤智慧科技股份有限公司 | A high-precision integration method and system for distributed control system alarm event signals |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113225313A (en) * | 2021-03-26 | 2021-08-06 | 大唐三门峡发电有限责任公司 | Information safety protection system for DCS system |
| CN114527717A (en) * | 2022-02-25 | 2022-05-24 | 苏州盛虹数云科技有限公司 | Chemical safety production early warning system and safety early warning method thereof |
| CN115134131A (en) * | 2022-06-20 | 2022-09-30 | 中能融合智慧科技有限公司 | Situation awareness-based Internet of things communication transmission system |
| CN115348103A (en) * | 2022-08-22 | 2022-11-15 | 中能融合智慧科技有限公司 | Industrial control security situation awareness collaborative linkage system and industrial control security data processing method |
Non-Patent Citations (1)
| Title |
|---|
| 闫印强 et al.: "工业控制区全流量日志分析应用研究" (Research on the application of full-traffic log analysis in industrial control zones), 《工业信息安全》 (Industrial Information Security), no. 09, 18 September 2022 (2022-09-18), pages 39-45 * |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |