CN116684124A - Data acquisition and transmission method and system - Google Patents


Publication number
CN116684124A
Authority
CN
China
Prior art keywords
data
full
dcs system
log data
analysis platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310554419.0A
Other languages
Chinese (zh)
Inventor
常伟
王朝辉
翟婉波
姚慧卿
袁富
梁华林
杨立业
白伟明
梁一凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guoneng Zhishen Control Technology Co ltd
Original Assignee
Guoneng Zhishen Control Technology Co ltd
Application filed by Guoneng Zhishen Control Technology Co ltd
Priority to CN202310554419.0A
Publication of CN116684124A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The application provides a data acquisition and transmission method and system, belonging to the technical field of data acquisition. The method comprises: establishing a communication connection between an intelligent collector and the DCS system; collecting log data and full-flow data of the DCS system through the intelligent collector, which reduces the burden on the DCS system's external network structure and the complexity of the DCS system's information security network; after aggregating the log data and full-flow data, sending them to a plant-level analysis platform outside the local area network to which the DCS system belongs; and analyzing the log data and full-flow data on the plant-level analysis platform to obtain a first analysis result. The method and system provide accurate data support for building the network security environment of the local area network, improve engineers' response efficiency, reduce maintenance cost while completing the intelligent construction, and effectively reduce the number of network entry and exit points of the local area network, thereby reducing its network security risk points and benefiting its network security management.

Description

Data acquisition and transmission method and system
Technical Field
The application relates to the technical field of data acquisition, in particular to a data acquisition and transmission method and a data acquisition and transmission system.
Background
A power plant's security areas are divided into a control area (safe production area I), a non-control area (safety area II) and a management information large area. The DCS system is mainly deployed in the control area, i.e. safe production area I. Production control instruction data and the like in the DCS system reside in safe production area I, which is a relatively independent local area network environment. The DCS system exchanges data with safety area II through unidirectional isolation and is not directly connected to the Internet, so data in safe production area I must be sent out separately to a plant-level analysis platform before the plant-level analysis platform can be built. Safety area II mainly hosts the SIS system, which is responsible for data collection and processing and enables the sharing of real-time production information and management information. The management information large area combines production data, enterprise office information and other data. In building an intelligent power plant, traditional log collection and traffic collection require two independent sets of collection devices. Each gathers its data into a corresponding analysis platform for analysis and processing, and those analysis platforms then send data to a plant-level analysis platform outside safe production area I to complete the overall construction of the intelligent power plant's situation awareness platform.
Fig. 1 is a network structure diagram of traditional log collection and traffic collection. As shown in Fig. 1, the traditional log collection and traffic collection devices are independent of each other and their analysis platforms are relatively independent, so each needs its own outlet when data is aggregated to the plant-level analysis platform outside safe production area I. This not only delays engineers' maintenance and threat response, but also increases the number of external connection risk points of the otherwise relatively independent safe production area I.
Disclosure of Invention
The embodiments of the application aim to provide a data acquisition and transmission method and system that at least solve the following problems of the prior art: it increases the burden on the DCS system's external network structure, adds network entry and exit points to safe production area I, introduces network security risk points, and hinders network security management of safe production area I.
In order to achieve the above object, a first aspect of the present application provides a data acquisition and transmission method, including:
establishing communication connection between the intelligent collector and the DCS system;
collecting log data and full flow data of a DCS system through an intelligent collector;
after gathering log data and full flow data, sending the collected log data and full flow data to a plant-level analysis platform outside a local area network to which the DCS system belongs;
and analyzing the log data and the full flow data through a factory-level analysis platform to obtain a first analysis result.
Optionally, the DCS system includes a switch;
the collecting of full-flow data of the DCS system through the intelligent collector includes:
receiving, through the intelligent collector, full-flow data transmitted by a mirror port of the switch.
Optionally, the collecting, by the intelligent collector, log data of the DCS system includes:
the intelligent collector receives log data collected by an equipment agent of equipment deployed in the DCS system in a Syslog form.
Optionally, the sending of the aggregated log data and full-flow data to a plant-level analysis platform outside the local area network to which the DCS system belongs includes:
compressing the full-flow data and then sending the full-flow data to a factory-level analysis platform;
the log data is sent to the factory level analysis platform in the form of Syslog.
Optionally, the analyzing the log data and the full flow data by the factory-level analysis platform to obtain a first analysis result includes:
mining network characteristics of log data and full-flow data;
based on network characteristics and preset whitelist rules, carrying out association analysis by combining a preset threat library so as to judge whether abnormal data traffic exists or not;
if abnormal data flow exists, generating alarm information according to the abnormal data flow;
identifying assets which send abnormal data traffic according to the alarm information;
and performing traceability analysis based on the asset sending out the abnormal data flow to obtain a first analysis result, wherein the first analysis result is used for representing whether abnormal data exists or not and the occurrence reason of the abnormal data.
Optionally, the data acquisition and transmission method further includes:
and visually displaying the log data through a factory-level analysis platform.
Optionally, the intelligent collector is communicatively connected to an analysis platform in a local area network, and the method further includes:
the intelligent collector sends the log data and the full-flow data to an analysis platform in the local area network;
and analyzing the log data and the full-flow data through an analysis platform in the local area network to obtain a second analysis result.
A second aspect of the present application provides a data acquisition and transmission system comprising:
the connection establishment module is used for establishing communication connection between the intelligent collector and the DCS system;
the data acquisition module is used for acquiring log data and full-flow data of the DCS system through the intelligent acquisition device;
the data transmission module is used for converging log data and full-flow data and then sending the log data and the full-flow data to a plant-level analysis platform outside a local area network to which the DCS system belongs;
and the data analysis module is used for analyzing the log data and the full flow data through the factory-level analysis platform to obtain a first analysis result.
A third aspect of the application provides a machine-readable storage medium having stored thereon instructions which, when executed by a processor, cause the processor to be configured to perform the data acquisition transmission method described above.
A fourth aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the data acquisition and transmission method when executing the computer program.
With the above technical solution, the data acquisition and transmission method and system collect both the full-flow data of the DCS system and the log data of the DCS system's devices through the intelligent collector alone, which reduces the burden on the DCS system's external network structure, reduces the complexity of the DCS system's information security network, and tightly integrates threat alerts and device status information within the DCS system network. The intelligent collector transmits the data to a plant-level analysis platform outside the local area network to which the DCS system belongs (i.e. safe production area I). This provides accurate data support for building the network security environment of safe production area I, improves engineers' response efficiency, reduces maintenance cost while completing the intelligent construction, and effectively reduces the number of network entry and exit points of safe production area I, thereby reducing its network security risk points and benefiting its network security management.
Additional features and advantages of embodiments of the application will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain, without limitation, the embodiments of the application. In the drawings:
FIG. 1 is a diagram of a conventional log acquisition and traffic acquisition network according to the present application;
FIG. 2 is a flow chart of a data acquisition and transmission method according to an embodiment of the present application;
FIG. 3 is a diagram of an intelligent collector log and flow collection network according to one embodiment of the present application;
FIG. 4 is a block diagram of a data acquisition and transmission system according to one embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to a preferred embodiment of the present application.
Description of the reference numerals
10-electronic device, 100-processor, 101-memory, 102-computer program.
Detailed Description
The following describes specific embodiments of the present application in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the application, are not intended to limit the application.
Referring to fig. 2 and 3, fig. 2 is a flowchart of a data acquisition and transmission method according to an embodiment of the present application, and fig. 3 is a log and flow acquisition network structure diagram of an intelligent collector according to an embodiment of the present application. The embodiment of the application provides a data acquisition and transmission method, which comprises the following steps:
S110: establishing communication connection between the intelligent collector and the DCS system;
Specifically, the intelligent collector is connected to the DCS system, thereby establishing the communication connection between the intelligent collector and the DCS system.
S120: collecting log data and full flow data of a DCS system through an intelligent collector;
S130: after gathering log data and full flow data, sending the collected log data and full flow data to a plant-level analysis platform outside a local area network to which the DCS system belongs;
wherein the local area network to which the DCS system belongs is safe production area I.
Specifically, the intelligent collector receives the full-flow data and log data, completes the aggregation of information data for safe production area I, and forwards it to the plant-level analysis platform outside safe production area I for analysis, providing accurate data support for building the network security environment of safe production area I. This avoids the prior-art problem that full traffic cannot be forwarded and only analysis results can be forwarded by the analysis platform inside the local area network, which leaves the plant-level analysis platform with incomplete data, able only to display already-analyzed results and unable to trace network threats.
S140: and analyzing the log data and the full flow data through a factory-level analysis platform to obtain a first analysis result.
Specifically, the method collects both the full-flow data of the DCS system and the log data of the DCS system's devices through the intelligent collector alone, which reduces the burden on the DCS system's external network structure, reduces the complexity of the DCS system's information security network, and tightly integrates threat alerts and device status information within the DCS system network. The intelligent collector transmits the data to a plant-level analysis platform outside the local area network to which the DCS system belongs (i.e. safe production area I). This provides accurate data support for building the network security environment of safe production area I, improves engineers' response efficiency, reduces maintenance cost while completing the intelligent construction, and effectively reduces the number of network entry and exit points of safe production area I, thereby reducing its network security risk points and benefiting its network security management.
It should be noted that the above plant-level analysis platform can receive data from safe production area I, safety area II and the management information large area simultaneously.
Optionally, the DCS system includes a switch;
the collecting of full-flow data of the DCS system through the intelligent collector includes:
receiving, through the intelligent collector, full-flow data transmitted by a mirror port of the switch, which completes the full-flow data collection of the DCS system. The mirror data in Fig. 3 is the full-flow data transmitted by the switch's mirror port.
Optionally, the collecting, by the intelligent collector, log data of the DCS system includes:
the intelligent collector receives log data collected by an equipment agent of equipment deployed in the DCS system in a Syslog form.
Specifically, the devices deployed in the DCS system are all provided with a device agent (agent), which may be a software or hardware entity, and is mainly used for periodically collecting log data of the corresponding devices. The agent transmits the collected log data to the intelligent collector in a Syslog form, so that the purpose of collecting the log data through the intelligent collector is achieved.
For example, the log data may include device alert information and device resource usage.
Optionally, the sending of the aggregated log data and full-flow data to a plant-level analysis platform outside the local area network to which the DCS system belongs includes:
compressing the full-flow data and then sending the full-flow data to a factory-level analysis platform;
the log data is sent to the factory level analysis platform in the form of Syslog.
Specifically, the intelligent collector collects full-flow data in the DCS system network, compresses it and forwards it to the plant-level analysis platform, which analyzes the full-flow data. At the same time, the collected log data is forwarded to the plant-level analysis platform in Syslog form, and the plant-level analysis platform displays content such as device log analysis and resource usage.
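The compress-then-forward step described above, as an added example (not code from the patent or its applicant): the collector packs mirrored frames into one compressed batch and passes Syslog lines through unchanged, and the platform side validates and unpacks the batch. The batch layout, the `FFB1` marker, the choice of zlib and all sample data are assumptions made for illustration.

```python
import struct
import zlib

MAGIC = b"FFB1"                    # hypothetical batch marker (assumption)
HEADER = struct.Struct("!4sIII")   # marker, frame count, compressed length, CRC32 of raw data
RECORD = struct.Struct("!dH")      # capture timestamp, frame length


def pack_batch(frames):
    """Collector side: serialize (timestamp, frame_bytes) pairs and compress them."""
    raw = b"".join(RECORD.pack(ts, len(data)) + data for ts, data in frames)
    body = zlib.compress(raw, 6)
    return HEADER.pack(MAGIC, len(frames), len(body), zlib.crc32(raw)) + body


def unpack_batch(blob):
    """Platform side: validate the header, decompress, and recover every frame."""
    if len(blob) < HEADER.size:
        raise ValueError("batch shorter than header")
    magic, count, body_len, crc = HEADER.unpack_from(blob)
    body = blob[HEADER.size:]
    if magic != MAGIC or len(body) != body_len:
        raise ValueError("bad marker or truncated batch")
    try:
        raw = zlib.decompress(body)
    except zlib.error as exc:
        raise ValueError("corrupt compressed body") from exc
    if zlib.crc32(raw) != crc:
        raise ValueError("payload checksum mismatch")
    frames, offset = [], 0
    while offset < len(raw):
        ts, length = RECORD.unpack_from(raw, offset)
        offset += RECORD.size
        frames.append((ts, raw[offset:offset + length]))
        offset += length
    if len(frames) != count:
        raise ValueError("frame count mismatch")
    return frames


def build_egress(frames, syslog_lines):
    """Everything that leaves the collector through its single outlet, in order."""
    # Log data is forwarded as Syslog, unchanged; full-flow data goes as one compressed batch.
    out = [("syslog", line.encode("utf-8")) for line in syslog_lines]
    out.append(("flow", pack_batch(frames)))
    return out


# Constructed sample input: 200 near-identical polling frames and two agent log lines.
SAMPLE_FRAMES = [
    (1000.0 + i * 0.5,
     b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a" + bytes([i % 4]) * 48)
    for i in range(200)
]
SAMPLE_SYSLOG = [
    "<134>May 16 10:01:35 operator-station-1 agent: cpu=12% mem=40%",
    "<132>May 16 10:03:10 engineer-station-1 agent: disk usage 91%",
]

if __name__ == "__main__":
    batch = pack_batch(SAMPLE_FRAMES)
    raw_size = sum(len(data) for _, data in SAMPLE_FRAMES)
    print(f"{len(SAMPLE_FRAMES)} frames, {raw_size} bytes raw, {len(batch)} bytes on the wire")
    print("round trip ok:", unpack_batch(batch) == SAMPLE_FRAMES)
```

Because the platform receives the frames themselves rather than a summary, it can re-run analysis later, which is the tracing property the description relies on.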
Optionally, the analyzing the log data and the full flow data by the factory-level analysis platform to obtain a first analysis result includes:
mining network characteristics of log data and full-flow data;
based on network characteristics and preset whitelist rules, carrying out association analysis by combining a preset threat library so as to judge whether abnormal data traffic exists or not;
if abnormal data flow exists, generating alarm information according to the abnormal data flow;
identifying assets which send abnormal data traffic according to the alarm information;
and performing traceability analysis based on the asset sending out the abnormal data flow to obtain a first analysis result, wherein the first analysis result is used for representing whether abnormal data exists or not and the occurrence reason of the abnormal data.
Specifically, fine-grained network characteristics are mined from the log data and full-flow data. Based on the mined network characteristics, and using manually configured preset whitelist rules or multidimensional association analysis combined with a preset threat library, the platform judges whether the aggregated log data and full-flow data have risk characteristics. If abnormal data traffic occurs, an abnormal-data alarm is raised and alarm information is generated. The asset that sent the abnormal data traffic is identified from the alarm information, and traceability analysis and evidence collection are carried out to determine whether abnormal data exists and what the specific abnormality is, after which it is disposed of.
For example, after the cause of the abnormality has been investigated, it is handled according to the specific problem: if a machine is faulty, the machine is replaced; if it was caused by a person, the handling may be directed at the person.
In some implementations of the present embodiment, the log data and full-flow data may be processed using a deep learning algorithm to mine fine-grained network features.
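The analysis steps above (whitelist check, threat-library correlation, alarm, asset identification, tracing), as an added example that is not the patent's implementation: it takes flow records already extracted from the full-flow data plus collector-timestamped Syslog lines and returns a first analysis result. The asset inventory, whitelist, threat library, addresses and log lines are all constructed, and plain flow-tuple fields stand in for the mined network features.

```python
import re

# Constructed inputs: asset inventory, whitelist rules and threat library.
ASSETS = {"10.1.0.11": "operator-station-1",
          "10.1.0.12": "engineer-station-1",
          "10.1.0.20": "controller-a"}
WHITELIST = {("10.1.0.11", "10.1.0.20", 502),   # allowed (src, dst, dport) flows
             ("10.1.0.12", "10.1.0.20", 502)}
THREAT_LIBRARY = {"dport": {445: "SMB between stations"},
                  "dst": {"198.51.100.7": "listed external host"}}

# Constructed flow records, as they might be extracted from the full-flow data.
FLOWS = [
    {"ts": 100, "src": "10.1.0.11", "dst": "10.1.0.20", "dport": 502, "bytes": 240},
    {"ts": 160, "src": "10.1.0.12", "dst": "10.1.0.20", "dport": 502, "bytes": 260},
    {"ts": 205, "src": "10.1.0.12", "dst": "10.1.0.11", "dport": 445, "bytes": 9000},
    {"ts": 230, "src": "10.1.0.12", "dst": "198.51.100.7", "dport": 443, "bytes": 51200},
]
# Constructed Syslog lines, each paired with the collector's receive time.
SYSLOG = [
    (95, "<134>May 16 10:01:35 operator-station-1 agent: cpu=12% mem=40%"),
    (190, "<132>May 16 10:03:10 engineer-station-1 agent: USB storage attached"),
    (200, "<129>May 16 10:03:20 engineer-station-1 agent: unsigned binary executed"),
    (300, "<134>May 16 10:05:00 controller-a agent: cpu=8% mem=22%"),
]

SYSLOG_RE = re.compile(
    r"<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)")


def parse_syslog(recv_ts, line):
    """Split a BSD-style Syslog line; PRI encodes facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # malformed lines are skipped, not guessed at
    pri = int(m.group(1))
    return {"recv_ts": recv_ts, "facility": pri >> 3, "severity": pri & 7,
            "host": m.group(3), "tag": m.group(4), "message": m.group(5)}


def classify(flow, whitelist, threat_library):
    """Return the reasons a flow is abnormal; an empty list means normal."""
    reasons = []
    if (flow["src"], flow["dst"], flow["dport"]) not in whitelist:
        reasons.append("not in whitelist")
    for field, indicators in threat_library.items():
        hit = indicators.get(flow[field])
        if hit:
            reasons.append(hit)
    return reasons


def analyze(flows, syslog, assets, whitelist, threat_library, window=60):
    """Alarm on abnormal flows, name the sending asset, attach its recent logs."""
    events = [e for e in (parse_syslog(ts, line) for ts, line in syslog) if e]
    by_asset = {}
    for flow in flows:  # flows are assumed to be ordered by time
        reasons = classify(flow, whitelist, threat_library)
        if reasons:
            asset = assets.get(flow["src"], "unknown:" + flow["src"])
            by_asset.setdefault(asset, []).append(
                {"ts": flow["ts"], "flow": flow, "reasons": reasons})
    findings = []
    for asset, alerts in by_asset.items():
        # Tracing: logs from the same asset, from `window` seconds before the
        # first alarm up to the last alarm, are kept as evidence.
        start, end = alerts[0]["ts"] - window, alerts[-1]["ts"]
        evidence = [e for e in events
                    if e["host"] == asset and start <= e["recv_ts"] <= end]
        findings.append({"asset": asset, "alerts": alerts, "evidence": evidence})
    return {"abnormal": bool(findings), "findings": findings}


if __name__ == "__main__":
    result = analyze(FLOWS, SYSLOG, ASSETS, WHITELIST, THREAT_LIBRARY)
    for finding in result["findings"]:
        print(finding["asset"])
        for alert in finding["alerts"]:
            print("  alarm", alert["ts"], alert["reasons"])
        for event in finding["evidence"]:
            print("  log  ", event["recv_ts"], event["severity"], event["message"])
```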
Optionally, the data acquisition and transmission method further includes:
and visually displaying the log data through a factory-level analysis platform.
Optionally, the intelligent collector is communicatively connected to an analysis platform in a local area network, and the method further includes:
the intelligent collector sends the log data and the full-flow data to an analysis platform in the local area network;
and analyzing the log data and the full-flow data through an analysis platform in the local area network to obtain a second analysis result.
Specifically, an in-local area network analysis platform is arranged in the local area network to which the DCS system belongs, and the intelligent collector sends the log data and the full-flow data to the in-local area network analysis platform for analysis, so that the data analysis result of the DCS system can be independently displayed through the in-local area network analysis platform.
Fig. 4 is a block diagram of a data acquisition and transmission system according to an embodiment of the present application, and as shown in fig. 4, the embodiment of the present application provides a data acquisition and transmission system, including:
the connection establishment module is used for establishing communication connection between the intelligent collector and the DCS system;
the data acquisition module is used for acquiring log data and full-flow data of the DCS system through the intelligent acquisition device;
the data transmission module is used for converging log data and full-flow data and then sending the log data and the full-flow data to a plant-level analysis platform outside a local area network to which the DCS system belongs;
and the data analysis module is used for analyzing the log data and the full flow data through the factory-level analysis platform to obtain a first analysis result.
Specifically, the system collects both the full-flow data of the DCS system and the log data of the DCS system's devices through the intelligent collector alone, which reduces the burden on the DCS system's external network structure, reduces the complexity of the DCS system's information security network, and tightly integrates threat alerts and device status information within the DCS system network. The intelligent collector transmits the data to a plant-level analysis platform outside the local area network to which the DCS system belongs (i.e. safe production area I). This provides accurate data support for building the network security environment of safe production area I, improves engineers' response efficiency, reduces maintenance cost while completing the intelligent construction, and effectively reduces the number of network entry and exit points of safe production area I, thereby reducing its network security risk points and benefiting its network security management.
Embodiments of the present application provide a machine-readable storage medium having instructions stored thereon, which when executed by a processor, cause the processor to be configured to perform the data acquisition transmission method described above.
Machine-readable storage media include both permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
The embodiment of the application provides an electronic device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the data acquisition and transmission method when executing the computer program.
Fig. 5 is a schematic diagram of an electronic device according to an embodiment of the present application. As shown in fig. 5, the electronic device 10 of this embodiment includes: a processor 100, a memory 101, and a computer program 102 stored in the memory 101 and executable on the processor 100. The steps of the method embodiments described above are implemented by the processor 100 when executing the computer program 102. Alternatively, the processor 100, when executing the computer program 102, performs the functions of the modules/units of the apparatus embodiments described above.
By way of example, computer program 102 may be partitioned into one or more modules/units that are stored in memory 101 and executed by processor 100 to accomplish the present application. One or more of the modules/units may be a series of computer program instruction segments capable of performing a specific function for describing the execution of the computer program 102 in the terminal device 10. For example, the computer program 102 may be divided into a connection establishment module, a data acquisition module, a data transmission module, and a data analysis module.
The electronic device 10 may be a desktop computer, a notebook computer, a palm computer, a cloud server, or the like. The electronic device 10 may include, but is not limited to, a processor 100, a memory 101. It will be appreciated by those skilled in the art that fig. 5 is merely an example of the electronic device 10 and is not intended to limit the electronic device 10, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the electronic device may further include an input-output device, a network access device, a bus, etc.
The processor 100 may be a central processing unit (Central Processing Unit, CPU), but may also be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 101 may be an internal storage unit of the electronic device 10, such as a hard disk or a memory of the electronic device 10. The memory 101 may also be an external storage device of the electronic device 10, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 10. Further, the memory 101 may also include both internal storage units and external storage devices of the electronic device 10. The memory 101 is used to store computer programs and other programs and data required by the electronic device 10. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (10)

1. A data acquisition and transmission method, comprising:
establishing a communication connection between an intelligent collector and a DCS system;
collecting log data and full-flow data of the DCS system through the intelligent collector;
aggregating the log data and the full-flow data and then sending them to a factory-level analysis platform located outside the local area network to which the DCS system belongs; and
analyzing the log data and the full-flow data through the factory-level analysis platform to obtain a first analysis result.
2. The data acquisition and transmission method according to claim 1, wherein the DCS system includes a switch;
the collecting of the full-flow data of the DCS system through the intelligent collector comprises:
receiving, through the intelligent collector, full-flow data transmitted from a mirror port of the switch.
3. The data acquisition and transmission method according to claim 1, wherein the collecting of the log data of the DCS system through the intelligent collector comprises:
receiving, by the intelligent collector and in Syslog form, log data collected by a device agent of a device deployed in the DCS system.
4. The data acquisition and transmission method according to claim 1, wherein the aggregating of the log data and the full-flow data and then sending them to the factory-level analysis platform located outside the local area network to which the DCS system belongs comprises:
compressing the full-flow data and then sending it to the factory-level analysis platform; and
sending the log data to the factory-level analysis platform in Syslog form.
5. The data collection and transmission method according to claim 1, wherein the analyzing the log data and the full-flow data by the factory-level analysis platform to obtain a first analysis result includes:
mining network characteristics of the log data and the full-flow data;
performing association analysis based on the network characteristics and a preset whitelist rule, in combination with a preset threat library, to determine whether abnormal data traffic exists;
if abnormal data traffic exists, generating alarm information according to the abnormal data traffic;
identifying, according to the alarm information, the asset that sent the abnormal data traffic; and
performing traceability analysis based on the asset that sent the abnormal data traffic to obtain the first analysis result, wherein the first analysis result indicates whether abnormal data exists and the cause of the abnormal data.
6. The data acquisition and transmission method of claim 1, further comprising:
visually displaying the log data through the factory-level analysis platform.
7. The data acquisition and transmission method of claim 1, wherein the intelligent collector is communicatively connected to an intra-LAN analysis platform, the method further comprising:
sending, by the intelligent collector, the log data and the full-flow data to the intra-LAN analysis platform; and
analyzing the log data and the full-flow data through the intra-LAN analysis platform to obtain a second analysis result.
8. A data acquisition and transmission system, comprising:
a connection establishment module, used for establishing a communication connection between an intelligent collector and a DCS system;
a data acquisition module, used for collecting log data and full-flow data of the DCS system through the intelligent collector;
a data transmission module, used for aggregating the log data and the full-flow data and then sending them to a factory-level analysis platform located outside the local area network to which the DCS system belongs; and
a data analysis module, used for analyzing the log data and the full-flow data through the factory-level analysis platform to obtain a first analysis result.
9. A machine-readable storage medium having instructions stored thereon which, when executed by a processor, cause the processor to perform the data acquisition and transmission method of any one of claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the data acquisition and transmission method of any one of claims 1 to 7 when executing the computer program.
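The analysis sequence of claim 5 (whitelist check, threat-library correlation, alarm generation, asset identification, trace-back through the asset's Syslog records), sketched as an added example that is not part of the patent. The addresses, whitelist entries, threat-library entry and log lines are constructed, and the tuple-based whitelist format is an assumption.

```python
import re

# Constructed sample data (documentation address ranges); nothing here is from the patent.
WHITELIST = {("192.0.2.10", "192.0.2.20", 502),   # assumed rule format:
             ("192.0.2.11", "192.0.2.20", 502)}   # (source, destination, destination port)
THREAT_LIBRARY = {"203.0.113.66": "listed malicious address"}
FLOWS = [  # features mined from mirrored traffic: (time, src, dst, dst_port)
    ("10:00:01", "192.0.2.10", "192.0.2.20", 502),
    ("10:00:07", "192.0.2.11", "203.0.113.66", 443),
    ("10:00:09", "192.0.2.11", "192.0.2.20", 23),
]
SYSLOG = [  # RFC 3164-style lines as a device agent would forward them
    "<38>May 16 09:59:58 192.0.2.11 sshd[411]: Accepted password for operator",
    "<134>May 16 10:00:00 192.0.2.10 hmi: screen refresh",
]
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]+) (\S+) (.*)$")

def parse_syslog(line):
    """Split one syslog line into facility, severity, time, host and message."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None  # malformed lines are skipped, not guessed at
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "time": m.group(2), "host": m.group(3), "msg": m.group(4)}

def analyze(flows, syslog_lines):
    """Whitelist check, threat-library correlation, alarms, then per-asset trace."""
    alarms = []
    for time, src, dst, port in flows:
        if (src, dst, port) in WHITELIST:
            continue  # expected DCS traffic
        hit = THREAT_LIBRARY.get(dst)
        alarms.append({"time": time, "asset": src, "dst": dst, "port": port,
                       "level": "high" if hit else "medium",
                       "reason": hit or "flow not covered by whitelist"})
    records = [r for r in map(parse_syslog, syslog_lines) if r]
    # Trace back: attach each alarming asset's own log records to it.
    trace = {a["asset"]: [r for r in records if r["host"] == a["asset"]]
             for a in alarms}
    return alarms, trace

if __name__ == "__main__":
    alarms, trace = analyze(FLOWS, SYSLOG)
    for a in alarms:
        print(a["level"], a["asset"], "->", a["dst"], a["port"], a["reason"])
        for r in trace[a["asset"]]:
            print("   log:", r["time"], r["msg"])
```

Because only whitelisted tuples pass silently, the quality of the result depends on how completely the whitelist describes normal DCS traffic; the threat library only raises the alarm level and supplies a reason.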
CN202310554419.0A 2023-05-16 2023-05-16 Data acquisition and transmission method and system Pending CN116684124A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310554419.0A CN116684124A (en) 2023-05-16 2023-05-16 Data acquisition and transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310554419.0A CN116684124A (en) 2023-05-16 2023-05-16 Data acquisition and transmission method and system

Publications (1)

Publication Number Publication Date
CN116684124A true CN116684124A (en) 2023-09-01

Family

ID=87786340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310554419.0A Pending CN116684124A (en) 2023-05-16 2023-05-16 Data acquisition and transmission method and system

Country Status (1)

Country Link
CN (1) CN116684124A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118584882A (en) * 2024-08-02 2024-09-03 朗坤智慧科技股份有限公司 High-precision integration method and system for alarm event signals of distributed control system

Similar Documents

Publication Publication Date Title
JP6461246B2 (en) Safety inspection method and equipment based on Industrial Internet Operation System
CN110752951A (en) Industrial network flow monitoring and auditing method, device and system
CN111866016A (en) Log analysis method and system
CN110347694B (en) Equipment monitoring method, device and system based on Internet of things
CN110198347B (en) Block chain based early warning method and sub-control server
CN116684124A (en) Data acquisition and transmission method and system
CN112256763A (en) Online monitoring system and equipment
CN113433882A (en) Station room intelligent assistance and artificial intelligence visual gateway control method and system
CN114978879A (en) Equipment fault analysis method, equipment and medium based on intelligent three-color lamp
CN113794719B (en) Network abnormal traffic analysis method and device based on elastic search technology and electronic equipment
CN115102730A (en) Integrated monitoring method for multiple devices
CN112383417B (en) Terminal security external connection detection method, system, equipment and readable storage medium
CN109818808A (en) Method for diagnosing faults, device and electronic equipment
CN117608957A (en) System security monitoring method, device and storage medium
CN115567563B (en) Comprehensive transportation hub monitoring and early warning system based on end edge cloud and control method thereof
CN107612755A (en) The management method and its device of a kind of cloud resource
CN108933707B (en) Safety monitoring system and method for industrial network
CN114662939A (en) Social information gridding management system and management method thereof
CN109120439B (en) Distributed cluster alarm output method, device, equipment and readable storage medium
CN111427930A (en) Low-voltage photovoltaic energy storage microgrid device monitoring management system, method and device
CN112615744A (en) Computer lab asset cloud safety management platform
CN110633259A (en) HDFS-based fault pushing system
CN115394053B (en) Cable pit ambient gas monitoring alarm device
CN113742164B (en) Diversified data acquisition system and method based on digital power grid and storage medium
CN111092751B (en) Monitoring data processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination