Title:
METHOD AND SYSTEM FOR IACS PACKET FLOW SECURITY MONITORING IN ASSOCIATION WITH NETWORK PACKET WHITELIST
Document Type and Number:
WIPO Patent Application WO/2021/107259
Kind Code:
A1
Abstract:
The present invention relates to a method and a system for security monitoring based on an industrial automation and control system (IACS) resource flow in an environment in which communication is performed using an industrial control protocol in an IACS network, the method comprising: monitoring a communication protocol between an operation device and a control device, and collecting a packet to configure a comparison network packet list for comparison with a reference whitelist; obtaining a skewness rate and a kurtosis rate for the number of packets in the network packet list within a reference time range, performing classification into a non-periodic whitelist, a quasi-periodic whitelist, and a periodic whitelist on the basis of the obtained skewness rate and kurtosis rate, and configuring a security policy; monitoring a specific information change for each process within a comparison time range; and detecting an abnormal symptom by comparing a process list with a general resident process characteristic, a quasi-sequence job process characteristic, a sequence job process characteristic, and a process characteristic.
More Like This:
Inventors:
KIM KI HYUN (KR)
PARK HYEO YONG (KR)
PARK HYEO YONG (KR)
Application Number:
PCT/KR2019/018704
Publication Date:
June 03, 2021
Filing Date:
December 30, 2019
Export Citation:
Assignee:
NNSP CO LTD (KR)
International Classes:
H04L29/06; H04L12/26; H04L29/08
Foreign References:
| KR101860395B1 | 2018-07-02 | |||
| KR101538709B1 | 2015-07-29 | |||
| KR20170079858A | 2017-07-10 | |||
| KR20190121483A | 2019-10-28 | |||
| EP3261322A1 | 2017-12-27 |
Attorney, Agent or Firm:
HONESTY & PATENT IP LAW FIRM (KR)
Download PDF: