-
Publication No.: US20200042747A1
Publication date: 2020-02-06
Application No.: US16316205
Application date: 2018-06-07
Inventor: Haibin YU, Peng ZENG, Wenli SHANG, Xianda LIU, Jianming ZHAO, Long YIN, Chunyu CHEN
Abstract: The present invention relates to a security processing unit of PLC and a bus arbitration method thereof, to provide PLC with an active defense means to build a PLC hardware and software security layer. On a hardware security layer, a part of hardware processing mechanism is added to support trusted measurement, encryption algorithms and signature algorithms, and a virtual isolation technology is used; and on a software security layer, transparent encryption and decryption, integrity verification, backup recovery and virtual isolation security mechanism are provided. The security processing aspect is improved to achieve the purpose of security and reliability. The present invention can correctly establish a trusted environment of PLC to ensure that PLC is guided by a strictly verified path. A new star type trusted structure is designed to reduce loss during information transmission and increase information transmission efficiency.
-
2.
Publication No.: US20180288084A1
Publication date: 2018-10-04
Application No.: US15572643
Application date: 2017-04-17
Inventor: Wenli SHANG, Jianming ZHAO, Ming WAN, Xianda LIU, Long YIN, Peng ZENG, Haibin YU
Abstract: The present application discloses a method for automatically establishing an intrusion detection model based on an industrial control network, including: judging whether a first intrusion detection model meets preset detection requirements, and extracting communication behavior traffic data in real time if not; setting a training data set and a test data set according to the communication behavior traffic data; establishing an initial intrusion detection model according to the training data set; and testing the initial intrusion detection model using the test data set, and establishing a second intrusion detection model meeting the preset detection requirements according to the test result. The second intrusion detection model has high detection accuracy, thereby increasing intrusion detection rate of abnormal behavior and reducing false positive rate and false negative rate.
-
3.
Publication No.: US20170329314A1
Publication date: 2017-11-16
Application No.: US15527208
Application date: 2014-12-30
Inventor: Wenli SHANG, Jianming ZHAO, Ming WAN, Peng ZENG, Haibin YU
IPC: G05B19/418, H04L12/40
CPC classification number: G05B19/4185, H04L12/40, H04L12/40039, H04L29/06, H04L63/1425, H04L2012/40228
Abstract: Proposed is an anomaly detection method for communication behaviours in an industrial control system based on an OCSVM algorithm. According to the present invention, a normal behaviour profile model and an abnormal behaviour profile model, i.e. a dual-outline model, of communication behaviours in an industrial control system are established, parameter optimization is performed by means of a particle swarm optimization (PSO) algorithm, an optimal intrusion detection model is obtained, and abnormal Modbus TCP communication traffic is identified. According to the present invention, the false alarm rate is reduced by means of cooperative discrimination of the dual-outline detection model, the efficiency and reliability of anomaly detection are improved, and the method is more applicable to practical applications.
-
4.
Publication No.: US20170331513A1
Publication date: 2017-11-16
Application No.: US15527955
Application date: 2014-12-22
Inventor: Wei LIANG, Haibin YU, Bo YANG, Xiaoling ZHANG
CPC classification number: H04B1/713, H04B1/405, H04B1/7143, H04B2001/1045, H04W16/02, H04W72/0426, H04W72/12
Abstract: The present invention relates to wireless network technology and presents a permutation group-based channel rendezvous method for a multi-antenna cognitive radio network, allowing a cognitive user equipped with multiple antennas to achieve blind channel rendezvous without the need for clock synchronisation. The present invention defines channel hopping sequences whilst making full use of properties such as channel diversity, the closure nature of permutation groups, and multi-antenna concurrency; based on the permutation groups obtained by rotating a regular polyhedron or a regular polygon around different angles according to different types of axes of symmetry, cyclical splicing is implemented, and different antennas can, according to different rules, independently generate hopping sequences and switching channels; the sequence generating methods are various and flexible; the use of parallel search ensures that deterministic rendezvous with other cognitive users is achieved as quickly as possible and as much as possible in a limited time; and the present method is a highly efficient blind channel rendezvous method having wide applicability and suitable for use in large-scale wireless networks.
-
Publication No.: US20230304936A1
Publication date: 2023-09-28
Application No.: US18318045
Application date: 2023-05-16
Inventor: Lanxiang SUN, Haibin YU, Shuo LI, Zhibo CONG, Yang LI, Wei DONG
IPC: G01N21/71
CPC classification number: G01N21/718, G01N2201/023, G01N2201/0218
Abstract: An online detection device for underwater elements includes an LIBS system in a sealing pressure chamber and an external airflow control system. The airflow control system has a gas probe bin and a gas source. An opening is formed at one end of the gas probe bin while the other end and the sealing pressure chamber are hermetically partitioned through a glass window. A laser in the LIBS system outputs laser to an underwater object surface to be detected for generating plasma spectra. A spectrometer collects plasma spectra returned along an original optical path. When the device operates in water, the balance gas storage tank produces gas with the same pressure as underwater. A flow model is invoked according to the current water pressure to accurately control the air flow rate to form a stable gas environment in the gas probe, which improves the plasma excitation and collection efficiency.
-
Publication No.: US20210119908A1
Publication date: 2021-04-22
Application No.: US17041530
Application date: 2019-12-19
IPC: H04L12/725, H04L12/741, H04L12/46
Abstract: The present invention discloses a data forwarding unit based on a Handle identifier, comprising a dynamic configuration module, a Handle identifier data identification module and a matching-forwarding module. The system of the present invention is applied to network devices such as switches and routers, and supports dynamic configuration of data packet analysis, matching and forwarding rules through data interaction with network systems such as SDN managers, so that the network devices can identify data packets based on the Handle identifier and perform the specified operation on the designated data packets with the Handle identifier according to the rules of dynamic configuration.
-
Publication No.: US20200042711A1
Publication date: 2020-02-06
Application No.: US16316269
Application date: 2018-05-07
Inventor: Haibin YU, Peng ZENG, Wenli SHANG, Jianming ZHAO, Xianda LIU, Long YIN, Chunyu CHEN
IPC: G06F21/57, G06F9/4401
Abstract: A method for starting a trusted embedded platform based on TPM industrial control includes taking a Core Root of Trust Measurement (CRTM) as a source of a trust chain and executing CRTM after electrifying an embedded platform; conducting trust measurement of BIOS and starting BIOS after passing measurement; BIOS measuring Bootloader and extending a measured value into PCR corresponding to TPM; after passing the measurement, transferring a control execution right to Bootloader; and Bootloader measuring OS kernel start process, recording a measured value into PCR of TPM, and executing a start flow of OS after passing the measurement. The method performs measurement before start of each part of a start process, and measured values are also stored in the PCR corresponding to TPM. When the start process is tampered with by an attacker, an integrity measurement mechanism terminates the execution of a program, thereby ensuring the security of the embedded platform.
-
Publication No.: US20190253444A1
Publication date: 2019-08-15
Application No.: US16317493
Application date: 2018-05-07
Inventor: Haibin YU, Peng ZENG, Wenli SHANG, Jianming ZHAO, Xianda LIU, Long YIN, Chunyu CHEN
CPC classification number: H04L63/1425, G05B19/05, G06F21/44, H04L29/06, H04L63/0435, H04L63/0823, H04L63/102
Abstract: The present invention relates to a dynamic security method and system based on multi-fusion linkage response. In the method, a site control device conducts active response and passive response through identity authentication and key management to give an alarm for abnormal behaviors. The system comprises an access authentication active response module, an access control active response module, an access control passive response module, an abnormal pretending passive response module, a key vulnerability passive response module and an abnormal state passive response mechanism module. On the basis of ensuring validity and feasibility for the security of a terminal device, the present invention can build a secure and trusted industrial control system operating environment.
-
Publication No.: US20190069183A1
Publication date: 2019-02-28
Application No.: US16073023
Application date: 2017-05-18
Inventor: Wei LIANG, Haibin YU, Bo YANG, Meng ZHENG, Shiwei PENG, Shiming LI
Abstract: The present invention relates to a Torus-Quorum based channel rendezvous method for directional antennas. A pair of directional antennas facing any side initially points to the other party mutually in one Torus-Quorum system cycle through a rotation closure attribute of a Torus-Quorum system; and a receiver and a sender switch to a same available channel according to frequency hopping sequences to realize channel rendezvous. In the Torus-Quorum based channel rendezvous method for directional antennas proposed in the present invention, the directional antennas are rotated based on the Torus-Quorum, and elements are ensured to coincide with each other within limited time through the rotation closure attribute of the Torus-Quorum system, i.e., directions are opposite, thereby effectively shortening channel rendezvous time of the directional antennas.
-
Publication No.: US20180285127A1
Publication date: 2018-10-04
Application No.: US15572624
Application date: 2017-03-14
Inventor: Wenli SHANG, Jianming ZHAO, Ming WAN, Dianbo LI, Shichao LI, Peng ZENG, Haibin YU
IPC: G06F9/4401, G05B19/042, G05B19/05, G06F8/61
Abstract: The present invention discloses a method for trusted booting of PLC based on a measurement mechanism, comprising the following steps: a step of initializing self firmware verification; a step of reading and computing firmware information about a PLC; a step of checking and storing one by one; and a step of verifying at the operation start stage. In the method of the present invention, a chip with a trusted function is used as a core of hardware computation. The PLC extends a Flash bus for loading by hardware of the method of the present invention. The hardware of the method of the present invention recognizes necessary boot information, verifies the integrity of the boot loader necessary for the PLC system through the integrity check method and ensures that the booted PLC system is in a trusted state. On the basis of ensuring validity and feasibility for the safety of a terminal device, the present invention can build a safe and trusted industrial control system operating environment.