[go: up one dir, main page]

CN111680906A - Industrial control system safety detection and early warning oriented system construction method and device - Google Patents

Industrial control system safety detection and early warning oriented system construction method and device Download PDF

Info

Publication number
CN111680906A
CN111680906A CN202010493767.8A CN202010493767A CN111680906A CN 111680906 A CN111680906 A CN 111680906A CN 202010493767 A CN202010493767 A CN 202010493767A CN 111680906 A CN111680906 A CN 111680906A
Authority
CN
China
Prior art keywords
early warning
industrial control
instruction
control equipment
personnel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010493767.8A
Other languages
Chinese (zh)
Other versions
CN111680906B (en
Inventor
杨灵运
侯伟
王飞飞
杨廷玮泞
陈�胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Casicloud Technology Co ltd
Original Assignee
Guizhou Casicloud Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Casicloud Technology Co ltd filed Critical Guizhou Casicloud Technology Co ltd
Priority to CN202010493767.8A priority Critical patent/CN111680906B/en
Publication of CN111680906A publication Critical patent/CN111680906A/en
Application granted granted Critical
Publication of CN111680906B publication Critical patent/CN111680906B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/20Administration of product repair or maintenance
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B21/00Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for
    • G08B21/18Status alarms
    • G08B21/182Level alarms, e.g. alarms responsive to variables exceeding a threshold
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/01Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium
    • G08B25/08Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium using communication transmission lines
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y20/00Information sensed or collected by the things
    • G16Y20/10Information sensed or collected by the things relating to the environment, e.g. temperature; relating to location
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/10Detection; Monitoring
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/20Analytics; Diagnosis
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/40Maintenance of things
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Emergency Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Game Theory and Decision Science (AREA)
  • Biomedical Technology (AREA)
  • Educational Administration (AREA)
  • Environmental & Geological Engineering (AREA)
  • Toxicology (AREA)
  • Component Parts Of Construction Machinery (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a system construction method and a device for industrial control system safety detection and early warning, which are used for solving the problems that the existing industrial control system safety detection system can not carry out safety analysis and early warning according to the temperature information of industrial control equipment, the moment and the total times of the industrial control equipment being attacked by viruses and reasonably distributes the early warning industrial control equipment to corresponding technical personnel for early warning treatment; the safety analysis module carries out safety analysis on industrial control information, the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, and the safety analysis is carried out on industrial control equipment in an industrial control system and the safety analysis is reasonably distributed to corresponding selected early warning personnel for processing, so that the timely early warning processing in the industrial control equipment is improved.

Description

Industrial control system safety detection and early warning oriented system construction method and device
Technical Field
The invention relates to the technical field of safety detection and early warning of industrial control systems, in particular to a system construction method and a device for safety detection and early warning of an industrial control system.
Background
Since the advent of industrial control systems, dedicated hardware, software and communication protocols have been adopted. Most industrial control systems are closed systems, have strong specificity and are less influenced by the outside, so that the safety of the industrial control systems is not paid enough attention. With the rapid development of information technology, the application of information technology in industrial control systems has developed rapidly, a large number of TCP/IP technologies are adopted in industrial control networks, the association between the industrial control networks and enterprise management networks is more and more compact, the industrial control systems are also developed from closed to open systems, and the communication security problem which must be considered in interconnection is basically not considered in the design. The protection functions of the enterprise management network and the industrial control network are weak, and even the isolation function is almost not realized; therefore, when the industrial control system is opened, the isolation between the industrial control system and the outside is weakened, and the potential safety hazard problem of the industrial control system is more and more severe, so that a system for safety detection and early warning of the industrial control system needs to be designed;
the existing safety detection system of the industrial control system cannot perform safety analysis and early warning according to the temperature information of the industrial control equipment, the moment and the total times of the industrial control equipment being attacked by viruses, and cannot reasonably distribute the early warning industrial control equipment to corresponding technicians for early warning treatment.
Disclosure of Invention
The invention aims to provide a system construction method and a device facing industrial control system safety detection and early warning, aiming at solving the problems that the existing industrial control system safety detection system can not perform safety analysis and early warning according to the temperature information of industrial control equipment, the moment and the total times of the industrial control equipment being attacked by viruses, and can not reasonably distribute the early warning industrial control equipment to corresponding technicians for early warning treatment; according to the invention, the safety analysis is carried out on the industrial control equipment in the industrial control system and the industrial control equipment is reasonably distributed to the corresponding selected early warning personnel for processing, so that the timely early warning processing in the industrial control equipment is improved.
The purpose of the invention can be realized by the following technical scheme: a construction method of a safety detection and early warning system for an industrial control system comprises the following steps:
the method comprises the following steps: industrial control information of industrial control equipment in the industrial control system is acquired through a data acquisition module and sent to a server;
step two: safety analysis is carried out on the industrial control information through a safety analysis module, and the specific analysis steps are as follows:
s21: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S22: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s23: setting temperatures above a set threshold WB corresponds to a plant influence systemSetting equipment influence coefficients as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Is zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure BDA0002522023750000021
Obtaining the temperature influence value WY of the industrial control equipmentGi
S24: sequencing the attack moments of the industrial control equipment by the viruses according to the time sequence, and calculating the time difference between two adjacent attack moments by the viruses to obtain the interval duration; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s25: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s26: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining the early warning value YG of the industrial control equipment by the x b5Gi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s27: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s28: when YGGi>B1,WYGi<B3,FGi<B2; generating an industrial control early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
step three: sending an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of industrial control equipment to a safety early warning module;
step four: the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, and the specific processing steps are as follows:
s41: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
s42: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
s43: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
s44: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
s45: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; will prefer the early warningCalculating the time difference between the time of the staff's attendance and the current time of the system to obtain the time length of the preferred early warning staff's attendance and marking the time length as T1Rm(ii) a The unit is day;
s46: calculating the distance difference between the real-time position of the preferred early warning personnel and the position of the industrial control equipment to obtain the distance and marking the distance as VRm
S47: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
S48: using formulas
Figure BDA0002522023750000041
Acquiring an coincidence value of the optimal early warning personnel; wherein d1, d2, d3 and d4 are all preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
s49: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, and sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to a mobile phone terminal of the selected early warning personnel by the safety early warning module.
A system construction device for industrial control system safety detection and early warning comprises a data acquisition module, a server, a safety analysis module and a safety early warning module; the data acquisition module is used for acquiring industrial control information of industrial control equipment in the industrial control system and sending the industrial control information to the server;
the safety analysis module is used for acquiring industrial control information of the industrial control equipment stored in the server and carrying out safety analysis, and the specific analysis steps are as follows:
s1: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S2: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s3: setting the temperature exceeding a set threshold value WB to correspond to one equipment influence coefficient, and setting the equipment influence coefficient as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Is zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure BDA0002522023750000051
Obtaining the temperature influence value WY of the industrial control equipmentGi
S4: sequencing the attack moments of the industrial control equipment by the viruses according to the time sequence, and calculating the time difference between two adjacent attack moments by the viruses to obtain the interval duration; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s5: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s6: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining the early warning value YG of the industrial control equipment by the x b5Gi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s7: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s8: when YGGi>B1,WYGi<B3,FGi<B2; generating the industrial control early warning finger corresponding to the industrial control equipmentOrder;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
s9: the safety analysis module sends an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction which generate industrial control equipment to the safety early warning module;
the safety early warning module is used for receiving an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of industrial control equipment sent by the safety analysis module and carrying out early warning processing, and the specific processing steps are as follows:
SS 1: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
SS 2: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
SS 3: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
SS 4: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
SS 5: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; calculating the time difference between the time of entry of the preferred early warning personnel and the current time of the system to obtain the time of entry of the preferred early warning personnel, and marking the time as T1Rm(ii) a The unit is day;
SS6: calculating the distance difference between the real-time position of the preferred early warning personnel and the position of the industrial control equipment to obtain the distance and marking the distance as VRm
SS 7: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
SS 8: using formulas
Figure BDA0002522023750000071
Acquiring an coincidence value of the optimal early warning personnel; wherein d1, d2, d3 and d4 are all preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
SS 9: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to the mobile phone terminal of the selected early warning personnel by the safety early warning module, and simultaneously recording the early warning sending time of the optimal early warning personnel sent to the selected early warning personnel by the safety early warning module.
Preferably, the device also comprises a registration login module, wherein the registration login module is used for the technical staff to submit the staff information through the mobile phone terminal for registration and send the staff information which is successfully registered to the server for storage; the personnel information comprises names, mobile phone numbers, job time and the belonging maintenance fields of technicians; the method comprises the following steps of (1) industrial control early warning processing, industrial control temperature attack early warning processing and industrial control attack early warning processing in the field of maintenance; and after receiving the personnel information, the server marks the personnel information as a technician corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction according to the field to which the personnel information belongs.
Preferably, the device further comprises an early warning processing module, wherein the early warning processing module is used for analyzing an early warning mean value of a selected early warning person to the industrial control equipment, and the specific analysis steps are as follows:
SSS 1: the selected early warning personnel send an early warning starting processing instruction and the current real-time position to an early warning processing module through the mobile phone terminal;
SSS 2: the early warning processing module receives the early warning start processing instruction and the current real-time position, then matches the current real-time position with the position corresponding to the industrial control equipment, and if the current real-time position of the selected early warning personnel is consistent with the position corresponding to the industrial control equipment, the early warning processing module records the receiving moment of the early warning start processing instruction sent by the selected early warning personnel, and calculates the time difference between the receiving moment and the early warning sending moment to obtain the delay time of the selected early warning personnel and records the delay time as E1;
SSS 3: when the early warning processing of the selected early warning personnel on the industrial control equipment is completed, the selected early warning personnel sends an early warning processing completion instruction to the early warning processing module through the mobile phone terminal; meanwhile, the total number of times of early warning treatment of the selected early warning personnel is increased once;
SSS 4: after receiving the early warning processing completion instruction, the early warning processing module counts the completion time of receiving the early warning processing completion instruction, and calculates the time difference between the completion time and the receiving time of recording the early warning start processing instruction sent by the selected early warning person to obtain the completion time of the selected early warning person, and records the completion time as E2;
SSS 5: acquiring a single early warning processing value E of the selected early warning personnel by using a formula E which is (1/E1) × d5+ (1/E2) × d 6; wherein d5 and d6 are both preset proportionality coefficients;
SSS6, summing all single early warning processing values of the selected early warning personnel, averaging to obtain an early warning average value, and marking the early warning average value as EQ;
SSS 7: setting the total number of early warning processing times of the selected early warning personnel as E3;
SSS 8: acquiring an early warning average value WH of the selected early warning personnel by using a formula WH equal to EQ multiplied by d7+ E3 multiplied by d 8; wherein d7 and d8 are both preset proportionality coefficients;
SSS 9: and the early warning processing module sends the early warning average value of the selected early warning personnel to the server for storage.
Preferably, the industrial control information includes the serial number, name, position, real-time temperature of the industrial control device, and the time and total times of the industrial control device being attacked by the virus.
Compared with the prior art, the invention has the beneficial effects that: the industrial control information of industrial control equipment in an industrial control system is acquired through a data acquisition module and is sent to a server, and then the industrial control information is subjected to security analysis through a security analysis module to obtain an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of the industrial control equipment and is sent to the security early warning module; the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, selects a preferred early warning person with the largest coincidence value as a selected early warning person of the industrial control equipment, and sends the position of the industrial control equipment, the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction corresponding to the industrial control equipment to a mobile phone terminal of the selected early warning person; safety analysis is carried out on industrial control equipment in the industrial control system, and the industrial control equipment is reasonably distributed to corresponding selected early warning personnel for processing, so that timely early warning processing in the industrial control equipment is improved.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
Fig. 1 is a schematic view of the overall structure of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A construction method of a safety detection and early warning system for an industrial control system comprises the following steps:
the method comprises the following steps: industrial control information of industrial control equipment in the industrial control system is acquired through a data acquisition module and sent to a server;
step two: safety analysis is carried out on the industrial control information through a safety analysis module, and the specific analysis steps are as follows:
s21: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S22: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s23: setting the temperature exceeding a set threshold value WB to correspond to one equipment influence coefficient, and setting the equipment influence coefficient as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Is zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure BDA0002522023750000101
Obtaining the temperature influence value WY of the industrial control equipmentGi
S24: sequencing the time of the industrial control equipment attacked by the virus according to the time sequence, and calculating two adjacent quiltsObtaining interval duration by time difference between virus attack moments; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s25: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s26: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining the early warning value YG of the industrial control equipment by the x b5Gi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s27: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s28: when YGGi>B1,WYGi<B3,FGi<B2; generating an industrial control early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
step three: sending an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of industrial control equipment to a safety early warning module;
step four: the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, and the specific processing steps are as follows:
s41: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
s42: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
s43: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
s44: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
s45: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; calculating the time difference between the time of entry of the preferred early warning personnel and the current time of the system to obtain the time of entry of the preferred early warning personnel, and marking the time as T1Rm(ii) a The unit is day;
s46: calculating the distance difference between the real-time position of the preferred early warning personnel and the position of the industrial control equipment to obtain the distance and marking the distance as VRm
S47: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
S48: using formulas
Figure BDA0002522023750000121
Acquiring an coincidence value of the optimal early warning personnel; wherein, d1, d2, d3 and d4All are preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
s49: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, and sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to a mobile phone terminal of the selected early warning personnel by the safety early warning module.
Referring to fig. 1, a system construction device for safety detection and early warning of an industrial control system includes a data acquisition module, a server, a safety analysis module, a safety early warning module, an early warning processing module, and a registration module;
the data acquisition module is used for acquiring industrial control information of industrial control equipment in the industrial control system and sending the industrial control information to the server; the industrial control information comprises the serial number, name and position of the industrial control equipment, the real-time temperature of the industrial control equipment, the moment and total times of the industrial control equipment being attacked by the virus;
the safety analysis module is used for acquiring industrial control information of the industrial control equipment stored in the server and carrying out safety analysis, and the specific analysis steps are as follows:
s1: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S2: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s3: setting the temperature exceeding a set threshold value WB to correspond to one equipment influence coefficient, and setting the equipment influence coefficient as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Has a value of zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure BDA0002522023750000131
Obtaining the temperature influence value WY of the industrial control equipmentGi
S4: sequencing the attack moments of the industrial control equipment by the viruses according to the time sequence, and calculating the time difference between two adjacent attack moments by the viruses to obtain the interval duration; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s5: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s6: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining the early warning value YG of the industrial control equipment by the x b5Gi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s7: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s8: when YGGi>B1,WYGi<B3,FGi<B2; generating an industrial control early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
s9: the safety analysis module sends an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction which generate industrial control equipment to the safety early warning module;
the safety early warning module is used for receiving an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of the industrial control equipment sent by the safety analysis module and carrying out early warning processing, and the specific processing steps are as follows:
SS 1: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
SS 2: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
SS 3: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
SS 4: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
SS 5: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; calculating the time difference between the time of entry of the preferred early warning personnel and the current time of the system to obtain the time of entry of the preferred early warning personnel, and marking the time as T1Rm(ii) a The unit is day;
SS6: will prefer forewarning personnelCalculating the distance difference between the real-time position and the position of the industrial control equipment to obtain a distance and marking the distance as VRm
SS 7: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
SS 8: using formulas
Figure BDA0002522023750000141
Acquiring an coincidence value of the optimal early warning personnel; wherein d1, d2, d3 and d4 are all preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
SS 9: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to the mobile phone terminal of the selected early warning personnel by the safety early warning module, and simultaneously recording the early warning sending time of the optimal early warning personnel sent to the selected early warning personnel by the safety early warning module.
The registration login module is used for a technician to submit personnel information through a mobile phone terminal for registration and send the personnel information which is successfully registered to the server for storage; the personnel information comprises names, mobile phone numbers, job time and the affiliated maintenance fields of technicians; the method comprises the following steps of (1) industrial control early warning processing, industrial control temperature attack early warning processing and industrial control attack early warning processing in the field of maintenance; and after receiving the personnel information, the server marks the personnel information as a technician corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction according to the field to which the personnel information belongs.
The early warning processing module is used for analyzing the early warning mean value of the selected early warning personnel to the industrial control equipment, and comprises the following specific analysis steps:
SSS 1: the selected early warning personnel send an early warning starting processing instruction and the current real-time position to an early warning processing module through the mobile phone terminal;
SSS 2: the early warning processing module receives the early warning start processing instruction and the current real-time position, then matches the current real-time position with the position corresponding to the industrial control equipment, and if the current real-time position of the selected early warning personnel is consistent with the position corresponding to the industrial control equipment, the early warning processing module records the receiving moment of the early warning start processing instruction sent by the selected early warning personnel, and calculates the time difference between the receiving moment and the early warning sending moment to obtain the delay time of the selected early warning personnel and records the delay time as E1;
SSS 3: when the early warning processing of the selected early warning personnel on the industrial control equipment is completed, the selected early warning personnel sends an early warning processing completion instruction to the early warning processing module through the mobile phone terminal; meanwhile, the total number of times of early warning treatment of the selected early warning personnel is increased once;
SSS 4: after receiving the early warning processing completion instruction, the early warning processing module counts the completion time of receiving the early warning processing completion instruction, and calculates the time difference between the completion time and the receiving time of recording the early warning start processing instruction sent by the selected early warning person to obtain the completion time of the selected early warning person, and records the completion time as E2;
SSS 5: acquiring a single early warning processing value E of the selected early warning personnel by using a formula E which is (1/E1) × d5+ (1/E2) × d 6; wherein d5 and d6 are both preset proportionality coefficients;
SSS6, summing all single early warning processing values of the selected early warning personnel, averaging to obtain an early warning average value, and marking the early warning average value as EQ;
SSS 7: setting the total number of early warning processing times of the selected early warning personnel as E3;
SSS 8: acquiring an early warning average value WH of the selected early warning personnel by using a formula WH equal to EQ multiplied by d7+ E3 multiplied by d 8; wherein d7 and d8 are both preset proportionality coefficients;
SSS 9: and the early warning processing module sends the early warning average value of the selected early warning personnel to the server for storage.
When the industrial control system is used, industrial control information of industrial control equipment in the industrial control system is acquired through the data acquisition module and is sent to the server, and then the industrial control information is subjected to safety analysis through the safety analysis module to obtain an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of the industrial control equipment and is sent to the safety early warning module; the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, selects a preferred early warning person with the largest coincidence value as a selected early warning person of the industrial control equipment, and sends the position of the industrial control equipment, the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction corresponding to the industrial control equipment to a mobile phone terminal of the selected early warning person; safety analysis is carried out on industrial control equipment in the industrial control system, and the industrial control equipment is reasonably distributed to corresponding selected early warning personnel for processing, so that timely early warning processing in the industrial control equipment is improved.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (5)

1. A construction method for safety detection and early warning of an industrial control system is characterized by comprising the following steps:
the method comprises the following steps: industrial control information of industrial control equipment in the industrial control system is acquired through a data acquisition module and sent to a server;
step two: safety analysis is carried out on the industrial control information through a safety analysis module, and the specific analysis steps are as follows:
s21: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S22: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s23: setting the temperature exceeding a set threshold value WB to correspond to one equipment influence coefficient, and setting the equipment influence coefficient as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Is zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure FDA0002522023740000011
Obtaining the temperature influence value WY of the industrial control equipmentGi
S24: sequencing the attack moments of the industrial control equipment by the viruses according to the time sequence, and calculating the time difference between two adjacent attack moments by the viruses to obtain the interval duration; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s25: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s26: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining the early warning value YG of the industrial control equipment by the x b5Gi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s27: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s28: when YGGi>B1,WYGi<B3,FGi<B2; generating an industrial control early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
step three: sending an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of industrial control equipment to a safety early warning module;
step four: the safety early warning module carries out early warning processing on an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction, and the specific processing steps are as follows:
s41: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
s42: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
s43: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
s44: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
s45: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; calculating the time difference between the time of entry of the preferred early warning personnel and the current time of the system to obtain the time of entry of the preferred early warning personnel, and marking the time as T1Rm(ii) a The unit is day;
s46: calculating the distance difference between the real-time position of the preferred early warning personnel and the position of the industrial control equipment to obtain the distance and marking the distance as VRm
S47: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
S48: using formulas
Figure FDA0002522023740000031
Acquiring an coincidence value of the optimal early warning personnel; wherein d1, d2, d3 and d4 are all preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
s49: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, and sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to a mobile phone terminal of the selected early warning personnel by the safety early warning module.
2. A system construction device for industrial control system safety detection and early warning is characterized by comprising a data acquisition module, a server, a safety analysis module and a safety early warning module; the data acquisition module is used for acquiring industrial control information of industrial control equipment in the industrial control system and sending the industrial control information to the server;
the safety analysis module is used for acquiring industrial control information of the industrial control equipment stored in the server and carrying out safety analysis, and the specific analysis steps are as follows:
s1: setting industrial control equipment as Gi, i is 1, … … and n; setting a preset important value for all industrial control equipment pairs in the industrial control system; matching the industrial control equipment with all the industrial control equipment in the industrial control system to obtain a preset important value corresponding to the industrial control equipment, and recording the preset important value as ZGi
S2: the real-time temperature of the industrial control equipment is obtained and marked, when the real-time temperature is larger than a set threshold value WB, the real-time temperature is marked as an influence temperature, the influence temperature is set as Wk, and k is 1, … … and n;
s3: setting the temperature exceeding a set threshold value WB to correspond to one equipment influence coefficient, and setting the equipment influence coefficient as Yj, wherein j is 1, … … and n; and Y1<……<Yn; setting a temperature value range (q) corresponding to the equipment influence coefficient Yjj-1,qj]Wherein q is0<q1<……<qn(ii) a And q is0Is zero;
when Wk-WB ∈ (q)j-1,qj](ii) a Setting the influence coefficient corresponding to the influence temperature to be Yj; using formulas
Figure FDA0002522023740000041
Obtaining the temperature influence value WY of the industrial control equipmentGi
S4: sequencing the attack moments of the industrial control equipment by the viruses according to the time sequence, and calculating the time difference between two adjacent attack moments by the viruses to obtain the interval duration; the total interval duration is obtained by summing all interval durations and is marked F1Gi(ii) a Setting the total times of virus attack on the industrial control equipment as F2Gi(ii) a Using the formula FGi=(1/F1Gi)×b1+F2Giobtaining the dangerous attack value F of the industrial control equipment by x b2Gi(ii) a Wherein b1 and b2 are both preset proportionality coefficients;
s5: acquiring numerical values of preset important values, temperature influence values and dangerous attack values of industrial control equipment;
s6: using formula YGGi=WYGi×b3+ZGi×b4+FGiobtaining industrial control equipment by x b5Is YGGi(ii) a Wherein b3, b4 and b5 are all preset fixed values of proportionality coefficients;
s7: setting an industrial control early warning threshold value as B1, a danger early warning threshold value as B2 and a temperature early warning threshold value as B3;
s8: when YGGi>B1,WYGi<B3,FGi<B2; generating an industrial control early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi<B2; generating an industrial control temperature early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi>B3,FGi>B2; generating an industrial control temperature attack early warning instruction corresponding to the industrial control equipment;
when YGGi>B1,WYGi<B3,FGi>B2; generating an industrial control attack early warning instruction corresponding to the industrial control equipment;
when YGGi<B1, no operation is carried out;
s9: the safety analysis module sends an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction which generate industrial control equipment to the safety early warning module;
the safety early warning module is used for receiving an industrial control early warning instruction, an industrial control temperature attack early warning instruction and an industrial control attack early warning instruction of industrial control equipment sent by the safety analysis module and carrying out early warning processing, and the specific processing steps are as follows:
SS 1: when the safety early warning module receives an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to industrial control equipment, an early warning device on the industrial control equipment is controlled to carry out early warning, and meanwhile, technical staff corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction are obtained and marked as early warning staff for primary selection;
SS 2: sending an early warning maintenance instruction and a real-time position instruction to the mobile phone terminal of the early warning personnel, and simultaneously recording the sending time of the early warning maintenance instruction and the real-time position instruction sent to the mobile phone terminal of the early warning personnel;
SS 3: after the mobile phone terminal of the pre-selected early warning personnel receives the early warning maintenance instruction and the real-time position instruction, the mobile phone terminal sends an agreement instruction and a real-time position to the safety early warning module;
SS 4: after receiving an agreement instruction and a real-time position sent by a mobile phone terminal of a primary early warning person, a safety early warning module records the receiving time of the primary early warning person; marking the pre-selected early warning personnel with the receiving time within a preset time range as preferred early warning personnel;
SS 5: marking the optimized early warning personnel as Rm, wherein m is 1, … … and n; calculating the time difference between the time of entry of the preferred early warning personnel and the current time of the system to obtain the time of entry of the preferred early warning personnel, and marking the time as T1Rm(ii) a The unit is day;
SS6: calculating the distance difference between the real-time position of the preferred early warning personnel and the position of the industrial control equipment to obtain the distance and marking the distance as VRm
SS 7: calculating the time difference between the receiving time and the sending time of the optimized early warning personnel to obtain the response time T2 of the optimized early warning personnelRm
SS 8: using formulas
Figure FDA0002522023740000061
Acquiring an coincidence value of the optimal early warning personnel; wherein d1, d2, d3 and d4 are all preset proportionality coefficients; WHRmThe early warning average value of the optimized early warning personnel is obtained;
SS 9: and selecting the optimal early warning personnel with the maximum coincidence value as the selected early warning personnel of the industrial control equipment, sending the position of the industrial control equipment and an industrial control early warning instruction or an industrial control temperature attack early warning instruction or an industrial control attack early warning instruction corresponding to the industrial control equipment to the mobile phone terminal of the selected early warning personnel by the safety early warning module, and simultaneously recording the early warning sending time of the optimal early warning personnel sent to the selected early warning personnel by the safety early warning module.
3. The industrial control system safety detection and early warning-oriented system construction device according to claim 2, characterized by further comprising a registration login module, wherein the registration login module is used for a technician to submit personnel information through a mobile phone terminal for registration and send the personnel information which is successfully registered to the server for storage; the personnel information comprises names, mobile phone numbers, job time and the belonging maintenance fields of technicians; the method comprises the following steps of (1) industrial control early warning processing, industrial control temperature attack early warning processing and industrial control attack early warning processing in the field of maintenance; and after receiving the personnel information, the server marks the personnel information as a technician corresponding to the industrial control early warning instruction or the industrial control temperature attack early warning instruction or the industrial control attack early warning instruction according to the field to which the personnel information belongs.
4. The industrial control system safety detection and early warning-oriented system construction device according to claim 2, characterized by further comprising an early warning processing module, wherein the early warning processing module is used for analyzing an early warning average value of a selected early warning person on the industrial control equipment, and the specific analysis steps are as follows:
SSS 1: the selected early warning personnel send an early warning starting processing instruction and the current real-time position to an early warning processing module through the mobile phone terminal;
SSS 2: the early warning processing module receives the early warning start processing instruction and the current real-time position, then matches the current real-time position with the position corresponding to the industrial control equipment, and if the current real-time position of the selected early warning personnel is consistent with the position corresponding to the industrial control equipment, the early warning processing module records the receiving moment of the early warning start processing instruction sent by the selected early warning personnel, and calculates the time difference between the receiving moment and the early warning sending moment to obtain the delay time of the selected early warning personnel and records the delay time as E1;
SSS 3: when the early warning processing of the selected early warning personnel on the industrial control equipment is completed, the selected early warning personnel sends an early warning processing completion instruction to the early warning processing module through the mobile phone terminal; meanwhile, the total number of times of early warning treatment of the selected early warning personnel is increased once;
SSS 4: after receiving the early warning processing completion instruction, the early warning processing module counts the completion time of receiving the early warning processing completion instruction, and calculates the time difference between the completion time and the receiving time of recording the early warning start processing instruction sent by the selected early warning person to obtain the completion time of the selected early warning person, and records the completion time as E2;
SSS 5: acquiring a single early warning processing value E of the selected early warning personnel by using a formula E which is (1/E1) × d5+ (1/E2) × d 6; wherein d5 and d6 are both preset proportionality coefficients;
SSS6, summing all single early warning processing values of the selected early warning personnel, averaging to obtain an early warning average value, and marking the early warning average value as EQ;
SSS 7: setting the total number of early warning processing times of the selected early warning personnel as E3;
SSS 8: acquiring an early warning average value WH of the selected early warning personnel by using a formula WH equal to EQ multiplied by d7+ E3 multiplied by d 8; wherein d7 and d8 are both preset proportionality coefficients;
SSS 9: and the early warning processing module sends the early warning average value of the selected early warning personnel to the server for storage.
5. The industrial control system safety detection and early warning-oriented system construction device as claimed in claim 2, wherein the industrial control information includes serial number, name, position of industrial control equipment, real-time temperature of industrial control equipment, and time and total times of attack of viruses on industrial control equipment.
CN202010493767.8A 2020-06-03 2020-06-03 Industrial control system safety detection and early warning oriented system construction method and device Active CN111680906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010493767.8A CN111680906B (en) 2020-06-03 2020-06-03 Industrial control system safety detection and early warning oriented system construction method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010493767.8A CN111680906B (en) 2020-06-03 2020-06-03 Industrial control system safety detection and early warning oriented system construction method and device

Publications (2)

Publication Number Publication Date
CN111680906A true CN111680906A (en) 2020-09-18
CN111680906B CN111680906B (en) 2021-03-02

Family

ID=72453232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010493767.8A Active CN111680906B (en) 2020-06-03 2020-06-03 Industrial control system safety detection and early warning oriented system construction method and device

Country Status (1)

Country Link
CN (1) CN111680906B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111861180A (en) * 2020-07-14 2020-10-30 深圳市安科讯电子制造有限公司 Management system for real-time early warning of digital energy production and manufacturing
CN112198161A (en) * 2020-10-10 2021-01-08 安徽和佳医疗用品科技有限公司 PVC gloves real-time detection system based on machine vision
CN112486133A (en) * 2020-12-09 2021-03-12 安徽三达信息科技有限公司 Intelligent piece arranging and sorting system based on vertical form AGV
CN112686649A (en) * 2021-02-03 2021-04-20 浙江金卡实业有限公司 Construction equipment management system based on artificial intelligence
CN112769899A (en) * 2020-12-22 2021-05-07 安徽飞凯电子技术有限公司 Network cabinet production automation equipment data detection system based on Internet of things
CN113205190A (en) * 2021-04-14 2021-08-03 昆山中钧新能源科技有限公司 Energy storage safety early warning system of smart power grid
CN113702868A (en) * 2021-08-31 2021-11-26 中煤科工集团重庆智慧城市科技研究院有限公司 Electric leakage alarm system based on box-type substation
CN114827226A (en) * 2022-06-30 2022-07-29 深圳市智联物联科技有限公司 Remote management method for industrial control equipment
CN116300574A (en) * 2023-01-30 2023-06-23 江苏海盟金网信息技术有限公司 A hybrid control system and method for industrial control information based on big data

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573516A (en) * 2014-12-25 2015-04-29 中国科学院软件研究所 Industrial control system trusted environment control method and platform based on safety chip
CN105959289A (en) * 2016-06-06 2016-09-21 中国东方电气集团有限公司 Self-learning-based safety detection method for OPC Classic protocol
CN106709613A (en) * 2015-07-16 2017-05-24 中国科学院信息工程研究所 Risk assessment method suitable for industrial control system
US20170230410A1 (en) * 2016-02-10 2017-08-10 Accenture Global Solutions Limited Telemetry Analysis System for Physical Process Anomaly Detection
CN107302530A (en) * 2017-06-16 2017-10-27 北京天地和兴科技有限公司 A kind of industrial control system attack detecting device and its detection method based on white list
US20180183827A1 (en) * 2016-12-28 2018-06-28 Palantir Technologies Inc. Resource-centric network cyber attack warning system
CN109445406A (en) * 2018-10-18 2019-03-08 西南交通大学 Industrial control system safety detection method based on scrnario testing and affairs search
CN109818985A (en) * 2019-04-11 2019-05-28 江苏亨通工控安全研究院有限公司 A kind of industrial control system loophole trend analysis and method for early warning and system
CN110703712A (en) * 2019-10-25 2020-01-17 国家工业信息安全发展研究中心 Industrial control system information security attack risk assessment method and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573516A (en) * 2014-12-25 2015-04-29 中国科学院软件研究所 Industrial control system trusted environment control method and platform based on safety chip
CN106709613A (en) * 2015-07-16 2017-05-24 中国科学院信息工程研究所 Risk assessment method suitable for industrial control system
US20170230410A1 (en) * 2016-02-10 2017-08-10 Accenture Global Solutions Limited Telemetry Analysis System for Physical Process Anomaly Detection
CN105959289A (en) * 2016-06-06 2016-09-21 中国东方电气集团有限公司 Self-learning-based safety detection method for OPC Classic protocol
US20180183827A1 (en) * 2016-12-28 2018-06-28 Palantir Technologies Inc. Resource-centric network cyber attack warning system
CN107302530A (en) * 2017-06-16 2017-10-27 北京天地和兴科技有限公司 A kind of industrial control system attack detecting device and its detection method based on white list
CN109445406A (en) * 2018-10-18 2019-03-08 西南交通大学 Industrial control system safety detection method based on scrnario testing and affairs search
CN109818985A (en) * 2019-04-11 2019-05-28 江苏亨通工控安全研究院有限公司 A kind of industrial control system loophole trend analysis and method for early warning and system
CN110703712A (en) * 2019-10-25 2020-01-17 国家工业信息安全发展研究中心 Industrial control system information security attack risk assessment method and system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111861180A (en) * 2020-07-14 2020-10-30 深圳市安科讯电子制造有限公司 Management system for real-time early warning of digital energy production and manufacturing
CN112198161A (en) * 2020-10-10 2021-01-08 安徽和佳医疗用品科技有限公司 PVC gloves real-time detection system based on machine vision
CN112486133A (en) * 2020-12-09 2021-03-12 安徽三达信息科技有限公司 Intelligent piece arranging and sorting system based on vertical form AGV
CN112769899A (en) * 2020-12-22 2021-05-07 安徽飞凯电子技术有限公司 Network cabinet production automation equipment data detection system based on Internet of things
CN112686649A (en) * 2021-02-03 2021-04-20 浙江金卡实业有限公司 Construction equipment management system based on artificial intelligence
CN112686649B (en) * 2021-02-03 2021-06-15 浙江金卡实业有限公司 An artificial intelligence-based building equipment management system
CN113205190A (en) * 2021-04-14 2021-08-03 昆山中钧新能源科技有限公司 Energy storage safety early warning system of smart power grid
CN113702868A (en) * 2021-08-31 2021-11-26 中煤科工集团重庆智慧城市科技研究院有限公司 Electric leakage alarm system based on box-type substation
CN114827226A (en) * 2022-06-30 2022-07-29 深圳市智联物联科技有限公司 Remote management method for industrial control equipment
CN116300574A (en) * 2023-01-30 2023-06-23 江苏海盟金网信息技术有限公司 A hybrid control system and method for industrial control information based on big data
CN116300574B (en) * 2023-01-30 2023-10-24 江苏海盟金网信息技术有限公司 Industrial control information mixed control system and method based on big data

Also Published As

Publication number Publication date
CN111680906B (en) 2021-03-02

Similar Documents

Publication Publication Date Title
CN111680906B (en) Industrial control system safety detection and early warning oriented system construction method and device
CN114022988A (en) Visitor information management verification system and method based on artificial intelligence
CN202443497U (en) Visitor management system
WO2007063970A1 (en) Monitor camera system and face image trace recording method
CN113837030A (en) Intelligent personnel management and control method and system for epidemic situation prevention and control and computer equipment
CN111292454A (en) Intelligent identity access control identification system and method
CN108734618A (en) Campus Security prompt management system and method
CN109831459A (en) Method, apparatus, storage medium and the terminal device of secure access
CN111932761A (en) Intelligent access control system based on block chain
CN113793441B (en) Campus visitor safety analysis system based on thing networking
CN117972687B (en) A blockchain-based intelligent power monitoring system
CN109903501A (en) A security probe analysis and processing system based on big data
CN109272616A (en) A kind of entrance guard controlling method and system based on recognition of face
CN117714991A (en) Method and system for monitoring operation track
CN113034768A (en) Intelligent access control device and working method thereof
CN105407324A (en) Monitoring system for monitoring school
CN211154002U (en) Safety helmet and safety system
CN106097496B (en) Control of bluetooth access management system, control of bluetooth access equipment and its time calibrating method
CN109035534A (en) A kind of gate inhibition&#39;s monitoring method, controller and system
CN117094021B (en) Electronic signature encryption protection system and method based on Internet
CN115766297B (en) Information data safety protection method based on Internet of things
CN117093822A (en) Industrial brain data analysis platform based on industrial knowledge graph
CN116957466A (en) Intelligent input and output system and method for safety tools
CN113569670A (en) Transformer substation monitoring system
CN112887379B (en) A robot service system and method based on social network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant