公开(公告)号：US11134064B2

公开(公告)日：2021-09-28

申请号：US16316290

申请日：2018-06-07

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Xianda Liu ,  Tianyu Wang ,  Jianming Zhao ,  Bowen Zhang ,  Peng Zeng ,  Haibin Yu

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/33

Abstract: The present invention relates to a network guard unit for an industrial embedded system and a guard method. The specific method is to form the network guard unit (NGU) through security technologies, such as integrated access control, identity authentication and communication data encryption, to provide active guard for a site control device. The NGU comprises an access control module, an identity authentication module, a data encryption module, a key negotiation module and a PCIE communication module, and supports the communication modes of dual network cards and PCIE bus. The present invention builds a secure and trusted operating environment for industrial control systems in combination with an active guard technical means in the field of information security on the basis of ensuring the correctness and the feasibility of security of various terminal devices in the industrial control systems.

公开(公告)号：US10261502B2

公开(公告)日：2019-04-16

申请号：US15527208

申请日：2014-12-30

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Wenli Shang ,  Jianming Zhao ,  Ming Wan ,  Peng Zeng ,  Haibin Yu

IPC: H04L29/06 ,  G05B19/418 ,  H04L12/40

Abstract: Proposed is an anomaly detection method for communication behaviors in an industrial control system based on an OCSVM algorithm. According to the present invention, a normal behavior profile model and an abnormal behavior profile model, i.e. a dual-outline model, of communication behaviors in an industrial control system are established, parameter optimization is performed by means of a particle swarm optimization (PSO) algorithm, an optimal intrusion detection model is obtained, and abnormal Modbus TCP communication traffic is identified. According to the present invention, the false alarm rate is reduced by means of cooperative discrimination of the dual-outline detection model, the efficiency and reliability of anomaly detection are improved, and the method is more applicable to practical applications.

公开(公告)号：US10447655B2

公开(公告)日：2019-10-15

申请号：US15525667

申请日：2015-12-25

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Peng Zeng ,  Wenli Shang ,  Dong Li ,  Ming Wan ,  Jianming Zhao ,  Jindi Liu ,  Ming Yang

IPC: H04L29/06 ,  G05B19/418 ,  H04L12/741 ,  H04L12/937 ,  H04L12/851 ,  H04L12/931 ,  H04L29/08

Abstract: The present invention discloses a method for controlling transmission security of an industrial communication flow based on an SDN architecture. The method comprises: designing a flow security control module in a management controller, performing in-depth parsing on industrial communication flow data, matching the parsing result with each preset industrial rule policy, and executing a control processing operation of the industrial rule policy, to implement transmission control of an industrial communication flow. The management controller comprises an industrial rule policy database used for storing all industrial rule policies set by a user. An SDN switch maintains a structure of a flow table, and an industrial communication flow is forwarded according to the flow table. The flow table comprises a security control identifier used for indicating whether security transmission of this communication flow needs to be controlled. The present invention can detect the legality of an industrial communication data flow, to control access of industrial communication that does not conform to an industrial rule policy, so that the security and reliability of industrial control systems based on an SDN architecture are guaranteed.

公开(公告)号：US11132468B2

公开(公告)日：2021-09-28

申请号：US16316205

申请日：2018-06-07

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Haibin Yu ,  Peng Zeng ,  Xianda Liu ,  Jianming Zhao ,  Tianyu Wang ,  Bowen Zhang

IPC: H04L29/00 ,  G06F21/72 ,  G06F9/50 ,  G06F13/362 ,  G06F21/55 ,  G06F21/60 ,  G06F21/64

Abstract: The present invention relates to a security processing unit of PLC and a bus arbitration method thereof, to provide PLC with an active defense means to build a PLC hardware and software security layer. On a hardware security layer, a part of hardware processing mechanism is added to support trusted measurement, encryption algorithms and signature algorithms, and a virtual isolation technology is used; and on a software security layer, transparent encryption and decryption, integrity verification, backup recovery and virtual isolation security mechanism are provided. The security processing aspect is improved to achieve the purpose of security and reliability. The present invention can correctly establish a trusted environment of PLC to ensure that PLC is guided by a strictly verified path. A new star type trusted structure is designed to reduce loss during information transmission and increase information transmission efficiency.

公开(公告)号：US11102226B2

公开(公告)日：2021-08-24

申请号：US16317493

申请日：2018-05-07

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Haibin Yu ,  Peng Zeng ,  Jianming Zhao ,  Xianda Liu ,  Chunyu Chen ,  Tianyu Wang

IPC: H04L29/06 ,  G05B19/05 ,  G06F21/44 ,  G06F21/33 ,  G06F21/57

Abstract: The present invention relates to a dynamic security method and system based on multi-fusion linkage response. In the method, a site control device conducts active response and passive response through identity authentication and key management to give an alarm for abnormal behaviors. The system comprises an access authentication active response module, an access control active response module, an access control passive response module, an abnormal pretending passive response module, a key vulnerability passive response module and an abnormal state passive response mechanism module. On the basis of ensuring validity and feasibility for the security of a terminal device, the present invention can build a secure and trusted industrial control system operating environment.

公开(公告)号：US11093258B2

公开(公告)日：2021-08-17

申请号：US15572624

申请日：2017-03-14

Applicant: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES

Inventor： Jianming Zhao ,  Xianda Liu ,  Tianyu Wang ,  Bowen Zhang ,  Chunyu Chen ,  Peng Zeng ,  Haibin Yu

IPC: G06F9/4401 ,  G06F8/61 ,  G05B19/042 ,  G06F9/445 ,  G06F21/57 ,  G05B19/05

Abstract: The present invention discloses a method for trusted booting of PLC based on a measurement mechanism, comprising the following steps: a step of initializing self firmware verification; a step of reading and computing firmware information about a PLC; a step of checking and storing one by one; and a step of verifying at the operation start stage. In the method of the present invention, a chip with a trusted function is used as a core of hardware computation. The PLC extends a Flash bus for loading by hardware of the method of the present invention. The hardware of the method of the present invention recognizes necessary boot information, verifies the integrity of the boot loader necessary for the PLC system through the integrity check method and ensures that the booted PLC system is in a trusted state. On the basis of ensuring validity and feasibility for the safety of a terminal device, the present invention can build a safe and trusted industrial control system operating environment.