CN-119128414-B - Internet-based management and control analysis system

Abstract

The invention discloses an Internet-based management and control analysis system, comprising the following steps: collecting and processing industrial Internet data information; performing data cleaning and persistence processing on the collected industrial Internet data information; performing operation analysis and optimization management of the industrial Internet; and performing security alarm control management of the industrial Internet. Collecting the industrial Internet data information comprises starting a thread to listen on a port to collect industrial Internet data information, receiving data on the corresponding port, and writing in the manufacturer information. The data cleaning and persistence processing of the collected industrial Internet data information comprises classifying and cleaning the received data, classifying the different types of data generated by different equipment from different manufacturers, and filtering and filling data information fields. The invention has the characteristics of high security and efficient analysis and management.

Inventors

  • Request for anonymity

Assignees

  • 山东实树信息科技有限公司

Dates

Publication Date
20260508
Application Date
20240718

Claims (2)

  1. An Internet-based management and control analysis method, characterized by comprising the following steps:

     S101, collecting and processing industrial Internet data information, comprising:
     starting a thread to listen on a port to collect industrial Internet data information, receiving data on the corresponding port, and writing in the manufacturer information;
     starting a plurality of threads to listen on a plurality of ports, customizing the listening port corresponding to each preset manufacturer, and assigning the value of the preset manufacturer to the data received on each port; the threads are started to listen separately according to the different probe manufacturers, collect industrial Internet data information, receive data on the corresponding ports, and write in the manufacturer information;

     S102, performing data cleaning and persistence processing on the collected industrial Internet data information, comprising:

     S1021, classifying and cleaning the received data, classifying the different types of data generated by different equipment from different manufacturers, and filtering and filling data information fields;
     first, after the manufacturer is determined from the manufacturer field of a JSON object, the JSON object is matched against the rules in the equipment sub-nodes of the corresponding manufacturer node to determine the type of equipment to which the JSON object belongs; the JSON object is matched against the rules in the version sub-nodes of the corresponding equipment node to determine the equipment version information to which the JSON object belongs; the JSON object is further matched against the rules in the data type sub-nodes of the corresponding equipment version node; after the data type is determined, the data type is passed to a tree-structured matching rule tree composed of rule nodes, so that records processed by the matching tree carry a detailed data type field, and useless fields in the records are filtered out to reduce the matching difficulty for each type of data;

     S1022, persistently writing the data received and cleaned by the data platform into Elasticsearch or the message queue Kafka for use by other services;
     data writes use a multithreaded asynchronous batch mode, with atomic references and concurrency-safe containers used to avoid multithreading safety problems; data in the cache is extracted periodically and batch-written into Elasticsearch, while data of relatively small volume is written into the message queue Kafka for use by other services;

     S103, performing operation analysis and optimization management of the industrial Internet, comprising:

     S1031, after receiving the data information for which data cleaning and persistence processing have finished, further normalizing the data information to unify its structure and content;
     different measures are adopted for data normalization according to the frequency and volume of the industrial Internet data: for traffic data, which is reported more frequently and exceeds a set threshold, aggregation queries are run against Elasticsearch by a scheduled task according to a set time condition; assets, alarms and vulnerabilities, whose data volume is below the set threshold, are processed by subscribing to the messages in Kafka; the scheduled task periodically starts a thread that runs aggregation queries on the corresponding Elasticsearch indices by source IP, source port, destination IP and destination port, aggregates by time, and converts the query results into the system's unified traffic format;

     S1032, after normalization of the data information is complete, performing data flow analysis and optimization processing on the data information;
     first judging whether the type of the alarm produces a collapsed alarm, generating a unique identifier from a plurality of basic attributes of the alarm, and merging the event; if the alarm already exists, adding a process to the alarm data of that alarm; if the alarm does not exist, storing the alarm and calculating the asset risk value corresponding to the alarm; verifying the vulnerability data stream, namely, if the vulnerability has no corresponding asset data, discarding the data, otherwise creating an asset-vulnerability association object and storing or updating it in the database for retrieval by the web module;

     S1033, using Debezium to monitor PostgreSQL database change information and sending the information to the message queue Kafka for control and management;
     first, a paged search is performed in Elasticsearch using the search condition, and then a search is performed in the relational database using the primary key ID obtained from Elasticsearch, so as to increase the search speed of the database;

     S104, performing security alarm control management of the industrial Internet.
  2. The Internet-based management and control analysis method as defined in claim 1, wherein performing the security alarm control management of the industrial Internet comprises: displaying the vulnerability information present in the current industrial Internet by establishing a display page, and providing users with an interface for querying asset vulnerabilities and historical vulnerabilities; the display page further provides the user with an alarm list, alarm statistics and alarm settings, so that the user can view the basic information of an alarm through the page; the creation of disposal tasks is also supported, and user satisfaction is effectively improved.
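
The alarm and vulnerability handling in step S1032 of claim 1, as an added example that is not code from the patent or its assignee: alarms of collapsible types are merged under an identifier built from their basic attributes, and vulnerabilities with no matching asset are discarded. The attribute list, the set of collapsible types, the risk rule (highest stored severity per asset), the occurrence list kept on merge and all sample values are assumptions.

```python
import hashlib
# Assumptions, not from the patent: the identifying attributes, the alarm
# types that are collapsed, and risk = highest stored severity per asset.
FINGERPRINT_FIELDS = ("vendor", "alarm_type", "src_ip", "dst_ip", "dst_port")
COLLAPSIBLE_TYPES = {"port_scan", "brute_force"}

def fingerprint(alarm):
    """Unique identifier derived from the alarm's basic attributes."""
    values = [str(alarm.get(k, "")) for k in FINGERPRINT_FIELDS]
    # Length-prefix each value so adjacent fields cannot run together.
    canonical = "".join(f"{len(v)}:{v}" for v in values)
    return hashlib.sha256(canonical.encode()).hexdigest()

class AlarmStore:
    def __init__(self, known_assets):
        self.assets = set(known_assets)
        self.alarms = {}       # key -> stored alarm record
        self.asset_risk = {}   # asset IP -> risk value
        self.asset_vulns = {}  # (asset IP, vuln id) -> association record

    def ingest_alarm(self, alarm):
        fp, collapse = fingerprint(alarm), alarm["alarm_type"] in COLLAPSIBLE_TYPES
        if collapse and fp in self.alarms:   # existing alarm: merge the event
            self.alarms[fp]["occurrences"].append(alarm["ts"])
            return "merged"
        # Types that are never collapsed get a row of their own.
        key = fp if collapse else f"{fp}:{len(self.alarms)}"
        self.alarms[key] = {**alarm, "occurrences": [alarm["ts"]]}
        asset = alarm["dst_ip"]
        self.asset_risk[asset] = max(self.asset_risk.get(asset, 0), alarm["severity"])
        return "stored"

    def ingest_vuln(self, vuln):
        key = (vuln["asset_ip"], vuln["vuln_id"])
        if key[0] not in self.assets:        # no matching asset: discard
            return "discarded"
        status = "updated" if key in self.asset_vulns else "created"
        self.asset_vulns[key] = vuln
        return status

def demo():
    """Constructed sample events; returns the outcomes and the store."""
    store = AlarmStore(["10.0.0.5"])
    scan = {"vendor": "vendorA", "alarm_type": "port_scan", "src_ip": "192.0.2.7",
            "dst_ip": "10.0.0.5", "dst_port": 502, "severity": 3}
    alarms = [{**scan, "ts": 100}, {**scan, "ts": 160},
              {**scan, "alarm_type": "config_change", "severity": 5, "ts": 170}]
    vulns = [{"asset_ip": ip, "vuln_id": "VULN-EXAMPLE-1"} for ip in ("10.0.0.5", "10.0.0.99")]
    out = [store.ingest_alarm(a) for a in alarms] + [store.ingest_vuln(v) for v in vulns]
    return out, store
```

Length-prefixing the fields before hashing keeps two different attribute tuples from producing the same identifier when their values are concatenated.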

Description

Internet-based management and control analysis system

Technical Field

The invention relates to the technical field of the Internet, in particular to an Internet-based management and control analysis system.

Background

In recent years, digitization and informatization in fields such as industry and manufacturing have received attention from countries around the world. Existing production in industry, manufacturing and similar fields mainly uses automation based on local area networks, and, with the development of advanced Internet technologies such as big data, artificial intelligence and blockchain, it is gradually changing into intelligent production that is ever more tightly coupled with the Internet. The industrial Internet has become the basis of industrial informatization. In an industrial Internet control system, the network is the bridge for industrial data transmission, and data drives industrial intelligence. Protecting the security of the network and the data is a precondition for the industrial Internet to improve efficiency and reduce cost, and thereby create value. At present, traditional, independently segmented protection strategies built on network security technologies such as firewalls, intrusion detection, vulnerability scanning and virus sandboxes struggle to cope effectively: information cannot be shared effectively among the devices, and the vulnerabilities, threats encountered and attacks suffered in the current network environment cannot be presented from multiple angles. Therefore, it is necessary to design an Internet-based management and control analysis system with high security and efficient analysis and management.

Disclosure of Invention

The present invention aims to provide an Internet-based management and control analysis system that solves the problems set forth in the background art.
In order to solve the above technical problems, the invention provides the following technical solution: an Internet-based management and control analysis method, comprising the following steps: collecting and processing industrial Internet data information; performing data cleaning and persistence processing on the collected industrial Internet data information; performing operation analysis and optimization management of the industrial Internet; and performing security alarm control management of the industrial Internet.

According to the above technical solution, collecting and processing the industrial Internet data information comprises: starting a thread to listen on a port to collect industrial Internet data information, receiving data on the corresponding port, and writing in the manufacturer information.

According to the above technical solution, the data cleaning and persistence processing of the collected industrial Internet data information comprises: classifying and cleaning the received data, classifying the different types of data generated by different equipment from different manufacturers, and filtering and filling data information fields; and persistently writing the data received and cleaned by the data platform into Elasticsearch or the message queue Kafka for use by other services.

According to the above technical solution, the operation analysis and optimization management of the industrial Internet comprises: after receiving the data information for which data cleaning and persistence processing have finished, further normalizing the data information to unify its structure and content; after normalization of the data information is complete, performing data flow analysis and optimization processing on the data information; and using Debezium to monitor PostgreSQL database change information and sending the information to the message queue Kafka for control and management.
According to the above technical solution, the security alarm control management of the industrial Internet comprises: displaying the vulnerability information present in the current industrial Internet by establishing a display page, and providing users with an interface for querying asset vulnerabilities and historical vulnerabilities; the display page further provides the user with an alarm list, alarm statistics and alarm settings, so that the user can view the basic information of an alarm through the page; the creation of disposal tasks is also supported, and user satisfaction is effectively improved.

According to the above technical solution, an Internet-based management and control analysis system includes: the acquisition processing module, used for collecting and processing the industrial Internet data information; the optimization management module, used for performing operation analysis and optimization management of the industrial Internet; and the cont