Publication number: US20210065021A1
Publication date: 2021-03-04
Application number: US16636736
Filing date: 2019-02-21
Inventor: Wenli SHANG , Peng ZENG , Xianda LIU , Jianming ZHAO , Long YIN , Chunyu CHEN , Jiansong AO , Guoyu TONG
Abstract: The present invention relates to a working condition state modeling and model correcting method, comprising collecting data, and arranging the data in chronological order to form a time sequence data set; preprocessing the time sequence data set; clustering the preprocessed time sequence data set, computing a central point data set of the cluster, and generating a working condition data set and a working condition process data set; counting a working condition transition probability for the working condition process data set to form a working condition transition probability model data set; collecting the data, and detecting and processing the data; computing a working condition state transition mode phase by phase and processing. The present invention is based on a counting modeling method, introduces expert prior knowledge to correct the established model gradually, enables the model range to cover the overall system working condition state, and solves the problem of low coverage rate in the mechanism analysis modeling methods and the counting modeling method. The present invention can be used as the input of an abnormal working condition diagnosis method, and can effectively improve the accuracy rate of abnormality diagnosis.
-
Publication number: US20200042747A1
Publication date: 2020-02-06
Application number: US16316205
Filing date: 2018-06-07
Inventor: Haibin YU , Peng ZENG , Wenli SHANG , Xianda LIU , Jianming ZHAO , Long YIN , Chunyu CHEN
Abstract: The present invention relates to a security processing unit of a PLC and a bus arbitration method thereof, to provide the PLC with an active defense means to build a PLC hardware and software security layer. On the hardware security layer, a hardware processing mechanism is added to support trusted measurement, encryption algorithms and signature algorithms, and a virtual isolation technology is used; on the software security layer, transparent encryption and decryption, integrity verification, backup recovery and a virtual isolation security mechanism are provided. The security processing aspect is improved to achieve the purpose of security and reliability. The present invention can correctly establish a trusted environment of the PLC to ensure that the PLC is booted along a strictly verified path. A new star-type trusted structure is designed to reduce loss during information transmission and increase information transmission efficiency.
-
3.
Publication number: US20180288084A1
Publication date: 2018-10-04
Application number: US15572643
Filing date: 2017-04-17
Inventor: Wenli SHANG , Jianming ZHAO , Ming WAN , Xianda LIU , Long YIN , Peng ZENG , Haibin YU
Abstract: The present application discloses a method for automatically establishing an intrusion detection model based on an industrial control network, including: judging whether a first intrusion detection model meets preset detection requirements, and extracting communication behavior traffic data in real time if not; setting a training data set and a test data set according to the communication behavior traffic data; establishing an initial intrusion detection model according to the training data set; and testing the initial intrusion detection model using the test data set, and establishing a second intrusion detection model meeting the preset detection requirements according to the test result. The second intrusion detection model has high detection accuracy, thereby increasing the intrusion detection rate for abnormal behavior and reducing the false positive rate and false negative rate.
-
4.
Publication number: US20170329314A1
Publication date: 2017-11-16
Application number: US15527208
Filing date: 2014-12-30
Inventor: Wenli SHANG , Jianming ZHAO , Ming WAN , Peng ZENG , Haibin YU
IPC: G05B19/418 , H04L12/40
CPC classification number: G05B19/4185 , H04L12/40 , H04L12/40039 , H04L29/06 , H04L63/1425 , H04L2012/40228
Abstract: Proposed is an anomaly detection method for communication behaviours in an industrial control system based on an OCSVM algorithm. According to the present invention, a normal behaviour profile model and an abnormal behaviour profile model, i.e. a dual-profile model, of communication behaviours in an industrial control system are established, parameter optimization is performed by means of a particle swarm optimization (PSO) algorithm, an optimal intrusion detection model is obtained, and abnormal Modbus TCP communication traffic is identified. According to the present invention, the false alarm rate is reduced by means of cooperative discrimination of the dual-profile detection model, the efficiency and reliability of anomaly detection are improved, and the method is more applicable to practical deployments.
-
Publication number: US20210119908A1
Publication date: 2021-04-22
Application number: US17041530
Filing date: 2019-12-19
IPC: H04L12/725 , H04L12/741 , H04L12/46
Abstract: The present invention discloses a data forwarding unit based on a Handle identifier, comprising a dynamic configuration module, a Handle identifier data identification module and a matching-forwarding module. The system of the present invention is applied to network devices such as switches and routers, and supports dynamic configuration of data packet analysis, matching and forwarding rules through data interaction with network systems such as SDN managers, so that the network devices can identify data packets based on the Handle identifier and perform the specified operation on the designated data packets with the Handle identifier according to the rules of dynamic configuration.
-
Publication number: US20200042711A1
Publication date: 2020-02-06
Application number: US16316269
Filing date: 2018-05-07
Inventor: Haibin YU , Peng ZENG , Wenli SHANG , Jianming ZHAO , Xianda LIU , Long YIN , Chunyu CHEN
IPC: G06F21/57 , G06F9/4401
Abstract: A method for starting a trusted embedded platform based on TPM industrial control includes taking a Core Root of Trust for Measurement (CRTM) as the source of a trust chain and executing the CRTM after powering on an embedded platform; conducting trust measurement of the BIOS and starting the BIOS after it passes measurement; the BIOS measuring the Bootloader and extending the measured value into the corresponding PCR of the TPM; after the measurement passes, transferring control to the Bootloader; and the Bootloader measuring the OS kernel start process, recording the measured value into a PCR of the TPM, and executing the start flow of the OS after the measurement passes. The method performs measurement before the start of each part of the start process, and the measured values are stored in the corresponding PCRs of the TPM. When the start process is tampered with by an attacker, the integrity measurement mechanism terminates the execution of the program, thereby ensuring the security of the embedded platform.
-
Publication number: US20190253444A1
Publication date: 2019-08-15
Application number: US16317493
Filing date: 2018-05-07
Inventor: Haibin YU , Peng ZENG , Wenli SHANG , Jianming ZHAO , Xianda LIU , Long YIN , Chunyu CHEN
CPC classification number: H04L63/1425 , G05B19/05 , G06F21/44 , H04L29/06 , H04L63/0435 , H04L63/0823 , H04L63/102
Abstract: The present invention relates to a dynamic security method and system based on multi-fusion linkage response. In the method, a site control device conducts active response and passive response through identity authentication and key management to give an alarm for abnormal behaviors. The system comprises an access authentication active response module, an access control active response module, an access control passive response module, an abnormal pretending passive response module, a key vulnerability passive response module and an abnormal state passive response mechanism module. On the basis of ensuring validity and feasibility for the security of a terminal device, the present invention can build a secure and trusted industrial control system operating environment.
-
Publication number: US20180285127A1
Publication date: 2018-10-04
Application number: US15572624
Filing date: 2017-03-14
Inventor: Wenli SHANG , Jianming ZHAO , Ming WAN , Dianbo LI , Shichao LI , Peng ZENG , Haibin YU
IPC: G06F9/4401 , G05B19/042 , G05B19/05 , G06F8/61
Abstract: The present invention discloses a method for trusted booting of a PLC based on a measurement mechanism, comprising the following steps: initializing self-firmware verification; reading and computing firmware information about the PLC; checking and storing the values one by one; and verifying at the operation start stage. In the method of the present invention, a chip with a trusted function is used as the core of hardware computation. The PLC extends a Flash bus for loading by the hardware of the method. The hardware recognizes the necessary boot information, verifies the integrity of the boot loader necessary for the PLC system through the integrity check method, and ensures that the booted PLC system is in a trusted state. On the basis of ensuring validity and feasibility for the safety of a terminal device, the present invention can build a safe and trusted industrial control system operating environment.
-
9.
Publication number: US20170339109A1
Publication date: 2017-11-23
Application number: US15525667
Filing date: 2015-12-25
Inventor: Peng ZENG , Wenli SHANG , DONG LI , Ming WAN , Jianming ZHAO , Jindi LIU , Ming YANG
IPC: H04L29/06 , H04L12/937 , H04L12/741 , G05B19/418 , H04L12/931 , H04L29/08
Abstract: The present invention discloses a method for controlling the transmission security of an industrial communication flow based on an SDN architecture. The method comprises: designing a flow security control module in a management controller, performing in-depth parsing on industrial communication flow data, matching the parsing result against each preset industrial rule policy, and executing the control processing operation of the matching industrial rule policy, to implement transmission control of the industrial communication flow. The management controller comprises an industrial rule policy database used for storing all industrial rule policies set by a user. An SDN switch maintains a flow table, and an industrial communication flow is forwarded according to the flow table. The flow table comprises a security control identifier indicating whether the transmission of this communication flow needs to be security-controlled. The present invention can check the legality of an industrial communication data flow and block industrial communication that does not conform to an industrial rule policy, so that the security and reliability of industrial control systems based on an SDN architecture are guaranteed.
-
10.
Publication number: US20250086005A1
Publication date: 2025-03-13
Application number: US18294391
Filing date: 2023-07-05
Abstract: A digital twin-based edge-end collaborative scheduling method for heterogeneous tasks and resources includes the following steps: establishing an edge wireless network based on a digital twin; constructing an edge-end collaborative scheduling problem prototype for the heterogeneous tasks and resources; converting the problem into a multi-agent Markov decision process; constructing an Actor-Critic neural network model based on multi-agent deep reinforcement learning; performing offline centralized training of the neural network model in the digital twin; and performing online distributed execution of task offloading and computation and communication resource allocation by end devices to collaboratively process the heterogeneous tasks. The method optimizes the heterogeneous computation resource types, the task offloading ratio, the transmit power of the end devices and the computation resource allocation ratio of the edge servers through the digital twin, supports on-demand offloading of heterogeneous tasks, realizes edge-end collaborative computing, and minimizes the total task processing delay.
-