US2018227329A1PendingUtilityA1

Method and apparatus for detecting security using an industry internet operating system

Assignee: KYLAND TECHNOLOGY CO LTDPriority: Feb 9, 2017Filed: Mar 9, 2018Published: Aug 9, 2018
Est. expiryFeb 9, 2037(~10.6 yrs left)· nominal 20-yr term from priority
H04L 63/105H04L 63/1433H04L 63/1425H04L 67/12H04L 63/14G06Q 50/06H04L 63/10H04L 63/20H04L 63/04G05B 2219/32404H04L 63/18H04L 63/1416
34
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Disclosed area method and apparatus for detecting security using an industry internet operating system so as to address problems in the prior art of poor security of field devices, and high difficulty of manipulating the field devices. In the method, security detection rules corresponding to respective field devices are obtained according to various heterogeneous and dispersed operating data information in an industry field acquired in real-time into a database, in a big-data analysis mode of an industry big-data analysis platform, and some of the security detection rules corresponding to the field devices are selected and then issued to execution devices to detect the field devices for security to guarantee controllable security in the industry field. In this way, industry data can be acquired, parsed, stored, mined, optimized, and secured in the big-data analysis mode, so that an industry and the field devices can operate in a trusted operating environment.

Claims

exact text as granted — not AI-modified
1 . A method for detecting security using an industry internet operating system, the method comprises:
 obtaining operating data information of respective field devices in a specified period of time respectively, and extracting characteristic data information of the respective field devices in the specified period of time from obtained operating data information corresponding respectively to the respective field devices;   obtaining respective security detecting rules corresponding to the respective field devices according to obtained characteristic data information of the corresponding field devices in the specified period of time;   determining respective target security detection rules corresponding to the respective field devices, and execution devices corresponding to the respective target security detection rules according to the obtained respective security detection rules corresponding respectively to the respective field devices; and   issuing the respective determined target security detection rules respectively to the corresponding execution devices, so that the respective execution devices detect the corresponding field devices for security respectively under the received target security detection rules.   
     
     
         2 . The method according to  claim 1 , wherein the extracting the characteristic data information of the respective field devices in the specified period of time from the obtained operating data information corresponding respectively to the respective field devices comprises:
 analyzing the operating data information corresponding to the respective field devices respectively to obtaining respective dimensions corresponding to the field devices, and determining operating events in the respective dimensions, and association relationships among the operating events in the respective dimensions; and   determining the obtained operating events in the respective dimensions corresponding to the respective field devices, and the association relationships among the operating events in the respective dimensions respectively as the characteristic data information of the corresponding field devices in the specified period of time.   
     
     
         3 . The method according to  claim 1 , wherein the obtaining the respective security detecting rules corresponding to the respective field devices according to the obtained characteristic data information of the corresponding field devices in the specified period of time comprises:
 determining the characteristic data information of the respective field devices in the specified period of time respectively as security detection criterions corresponding to the field devices, and describing the security detection criterions corresponding to the respective field devices respectively as the respective security detection rules corresponding to the respective field devices in a preset rule description pattern.   
     
     
         4 . The method according to  claim 1 , wherein the determining the respective target security detection rules corresponding to the respective field devices, and the execution devices corresponding to the respective target security detection rules according to the obtained respective security detection rules corresponding to the respective field devices comprises:
 outputting a selection interface on which there are displayed at least the obtained respective security detection rules corresponding to the respective field devices, and identifiers of the respective execution devices corresponding to the respective field devices, and obtaining the respective target security detection rules corresponding to the respective field devices, and the execution devices corresponding to the respective target security detection rules according to detected selection operations performed on the selection interface; or   selecting the respective target security detection rules corresponding to each field device from the obtained respective security detection rules corresponding to the field device under a preset rule selection condition, and allocating the execution devices respectively for the respective selected target security detection rules in a preset execution device allocation scheme.   
     
     
         5 . The method according to  claim 1 , wherein the method further comprises: if an externally imported security detection rule is received, then determining the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and issuing the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         6 . The method according to  claim 2 , wherein the method further comprises: if an externally imported security detection rule is received, then determining the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and issuing the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         7 . The method according to  claim 3 , wherein the method further comprises: if an externally imported security detection rule is received, then determining the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and issuing the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         8 . The method according to  claim 4 , wherein the method further comprises: if an externally imported security detection rule is received, then determining the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and issuing the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         9 . An apparatus for detecting security using an industry internet operating system, the apparatus comprises:
 a data obtaining unit configured to obtain operating data information of respective field devices in a specified period of time respectively, and to extract characteristic data information of the respective field devices in the specified period of time from the obtained operating data information corresponding respectively to the respective field devices;   a rule generating unit configured to obtain respective security detecting rules corresponding to the respective field devices according to obtained characteristic data information of the corresponding field devices in the specified period of time;   a rule selecting unit configured to determine respective target security detection rules corresponding to the respective field devices, and execution devices corresponding to the respective target security detection rules according to the obtained respective security detection rules corresponding to the respective field devices; and   a rule issuing unit configured to issue respective determined target security detection rules respectively to the execution devices, so that the execution devices detect the corresponding field devices for security respectively under received target security detection rules.   
     
     
         10 . The apparatus according to  claim 9 , wherein the data obtaining unit is configured to extract characteristic data information of the respective field devices in the specified period of time from the obtained operating data information corresponding respectively to the respective field devices by:
 analyzing the operating data information corresponding to the respective field devices respectively for respective dimensions corresponding to the field devices, and determining operating events in the respective dimensions, and association relationships among the operating events in the respective dimensions; and   determining obtained operating events in the respective dimensions corresponding to the respective field devices, and the association relationships among the operating events in the respective dimensions respectively as the characteristic data information of the corresponding field devices in the specified period of time.   
     
     
         11 . The apparatus according to  claim 9 , wherein the rule generating unit is configured to obtain the respective security detecting rules corresponding to the respective field devices according to the obtained characteristic data information of the corresponding field devices in the specified period of time by:
 determining the characteristic data information of the respective field devices in the specified period of time respectively as security detection criterions corresponding to the field devices, and describing the security detection criterions corresponding to the respective field devices respectively as the security detection rules corresponding to the respective field devices in a preset rule description pattern.   
     
     
         12 . The apparatus according to  claim 9 , wherein the rule selecting unit is configured to determine the respective target security detection rules corresponding to the respective field devices, and the execution devices corresponding to the respective target security detection rules according to the obtained respective security detection rules corresponding to the respective field devices by:
 outputting a selection interface on which there are displayed at least the obtained respective security detection rules corresponding to the respective field devices, and identifiers of the respective execution devices corresponding to the respective field devices, and obtaining the respective target security detection rules corresponding to the respective field devices, and the execution devices corresponding to the respective target security detection rules according to detected selection operations performed on the selection interface; or   selecting the respective target security detection rules corresponding to each field device from the obtained respective security detection rules corresponding to the corresponding field device under a preset rule selection condition, and allocating the corresponding execution devices respectively for the respective selected target security detection rules in a preset execution device allocation scheme.   
     
     
         13 . The apparatus according to  claim 9 , wherein the rule issuing unit is further configured, if an externally imported security detection rule is received, to determine the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and to issue the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         14 . The apparatus according to  claim 10 , wherein the rule issuing unit is further configured, if an externally imported security detection rule is received, to determine the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and to issue the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         15 . The apparatus according to  claim 11 , wherein the rule issuing unit is further configured, if an externally imported security detection rule is received, to determine the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and to issue the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule. 
     
     
         16 . The apparatus according to  claim 12 , wherein the rule issuing unit is further configured, if an externally imported security detection rule is received, to determine the externally imported security detection rule as a target security detection rule corresponding to a field device upon determining the field device and an execution device corresponding to the externally imported security detection rule, and to issue the target security detection rule to the execution device, so that the execution device detects the corresponding field device for security under the received target security detection rule.

Join the waitlist — get patent alerts

Track US2018227329A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.