-
Publication number: US20230224235A1
Publication date: 2023-07-13
Application number: US17928374
Application date: 2020-06-01
Applicant: Siemens Aktiengesellschaft, SIEMENS LTD.,
Inventor: Wen Tang, Jie Song, Jun Jie Zhang, Gong Su Ma, Can Lin Chen, Tao Lin, Jian Xin Zhou, Rong Ju Yang
IPC: H04L45/02, H04L61/255
CPC classification number: H04L45/02, H04L61/255, H04L2101/622
Abstract: Various embodiments of the teachings herein include a network topology construction method. The method may include: acquiring a MAC address table of each port on each switch in a target network; determining a first connection relationship in the target network according to the MAC addresses of terminal devices in the target network included in each acquired MAC address table; determining at least one first port according to the first connection relationship in the target network; determining a second connection relationship in the target network according to the MAC addresses included in the MAC address table of each of the first ports in the target network; and determining a network topology of the target network according to the first connection relationship and the second connection relationship in the target network.
-
2.
Publication number: US11418521B2
Publication date: 2022-08-16
Application number: US17417898
Application date: 2018-12-26
Applicant: Siemens Aktiengesellschaft
Inventor: Wen Tang
IPC: H04L9/40
Abstract: The present disclosure relates to a monitoring method, device and system for an industrial control system and a computer-readable medium. They are used to effectively monitor the industrial control system. The method includes: obtaining first network traffic transmitted in the industrial control system in a passive monitoring manner; determining whether it is necessary to monitor the industrial control system in an active probe manner according to characteristics of industrial devices in the industrial control system in the first network traffic; and upon determining it is necessary to monitor the industrial control system in an active probe manner, determining a target industrial device according to the characteristics of the industrial devices in the industrial control system in the first network traffic, sending third network traffic to the determined target industrial device, and obtaining second network traffic sent by the target industrial device in response to the third network traffic.
-
Publication number: US20220198012A1
Publication date: 2022-06-23
Application number: US17637389
Application date: 2019-08-23
Applicant: Siemens Aktiengesellschaft
Inventor: Dai Fei Guo, Wen Tang
Abstract: Various embodiments include a method for security management at a scanning system installed outside a monitored system. The method comprises: acquiring first information for identification of a mobile storage device; generating third information to indicate current status of files on the mobile storage device; and sending the first information and the third information to a monitoring system to check if usage of the mobile storage device in the monitored system is secure.
-
Publication number: US11747799B2
Publication date: 2023-09-05
Application number: US16616034
Application date: 2017-05-31
Applicant: Siemens Aktiengesellschaft
Inventor: Wen Tang
CPC classification number: G05B23/027, H04L63/1425, H04L63/1441, H04L63/20
Abstract: The present invention relates to the technical field of industrial networks and information security, and in particular to an industrial control system and a network security monitoring method therefor, for effectively monitoring the network security of an industrial control system. The method comprises: selecting at least one first data source related to an industrial control system and acquiring first data therefrom; counting time-varying features of the first data to serve as a behavior model for the industrial control system; acquiring second data from some or all of the at least one first data source; and determining whether the second data has the features described by the behavior model, and if so, determining that the industrial control system exhibits normal behavior, and if not, determining that the industrial control system exhibits abnormal behavior. In consideration of the certainty of the behavior of the industrial control system, a system behavior model is obtained by means of counting. A judgement regarding an abnormal system behavior is made based on the relatively determined behavior model, so that the obtained determination result is more accurate.
-
Publication number: US11483285B2
Publication date: 2022-10-25
Application number: US16454288
Application date: 2019-06-27
Applicant: Siemens Aktiengesellschaft
Inventor: Wen Tang
Abstract: An access control device provides a secure access control mechanism for a system being remotely accessed. An embodiment of the access control device includes a front-end firewall to provide a first network port to connect a computer to remotely access the system; a bastion host connected with the front-end firewall; and a back-end firewall, connected with the bastion host, to provide a second network port to connect the system. The back-end firewall determines remotely accessible resources in the system and determines resources remotely accessible by the computer, among the remotely accessible resources in the system, according to remote access control policies. The bastion host provides the computer with information provided by the back-end firewall about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer. Advantages may include security, simplicity and plug-and-play.
-
6.
Publication number: US20180124121A1
Publication date: 2018-05-03
Application number: US15559524
Application date: 2016-03-18
Applicant: Siemens Aktiengesellschaft
Inventor: Uwe Blöcher, Rainer Falk, Jens Reinert, Wen Tang, Martin Wimmer
CPC classification number: H04L63/306, G06F21/6236, H04L63/02, H04L63/0209, H04L63/0281, H04L63/105, H04L63/123, H04W12/02
Abstract: A one-way coupling device for the feedback-free transmission of data from the first network with high security requirements into a second network with low security requirements, containing a request unit, an eavesdropping unit and a receiving unit, wherein the request unit is formed so as to provide a first communication link within the first network to at least one device and, moreover, to request first data from the at least one device and then to transmit the first data via a second communication link on a separate line loop of the request unit, and the eavesdropping unit, which is formed so as to eavesdrop on data on the separate line loop and to transmit data to a receiving unit which is arranged in the second network. A corresponding request unit, a corresponding method and a corresponding computer program product are also provided.
-
Publication number: US12081567B2
Publication date: 2024-09-03
Application number: US17052254
Application date: 2018-05-03
Applicant: Siemens Aktiengesellschaft
Inventor: Wen Tang
CPC classification number: H04L63/1425, G06N20/00, H04L63/1416, H04L63/20
Abstract: Embodiments of the invention relate to the technical field of industrial networks and information security, in particular to an analysis device, method and/or system for an operational technology system and a storage medium. The device includes a parsing module configured to acquire first data related to the operational technology system from a data storage area, and parse out first features of the first data; an identifying module configured to identify an abnormal feature from the first features; and a model generation module configured to acquire second data related to the abnormal feature from the data storage area, and generate an algorithm model based on the second data, where the algorithm model is used for identifying an attack behavior related to the abnormal feature. The attack behavior can be automatically identified, and complementation of the advantages of human intelligence and the advantages of artificial intelligence is realized.
-
Publication number: US20220303303A1
Publication date: 2022-09-22
Application number: US17639108
Application date: 2019-08-29
Applicant: Siemens Aktiengesellschaft
Abstract: Various embodiments of the teachings herein include a method for security monitoring on an OT system. The method may include: determining a time range for calculation on data of the OT system; collecting from the OT system 10, data in the determined time range on a first aspect for security monitoring; calculating, based on data collected, an indicator on the first aspect; and visualizing the indicator on the aspect in a quantitative way.
-
9.
Publication number: US11223657B2
Publication date: 2022-01-11
Application number: US15559524
Application date: 2016-03-18
Applicant: Siemens Aktiengesellschaft
Inventor: Uwe Blöcher, Rainer Falk, Jens Reinert, Wen Tang, Martin Wimmer
Abstract: A one-way coupling device for the feedback-free transmission of data from the first network with high security requirements into a second network with low security requirements, containing a request unit, an eavesdropping unit and a receiving unit, wherein the request unit is formed so as to provide a first communication link within the first network to at least one device and, moreover, to request first data from the at least one device and then to transmit the first data via a second communication link on a separate line loop of the request unit, and the eavesdropping unit, which is formed so as to eavesdrop on data on the separate line loop and to transmit data to a receiving unit which is arranged in the second network. A corresponding request unit, a corresponding method and a corresponding computer program product are also provided.