Industrial control host software reinforcement method and system

Document No.: 153399 Publication date: 2021-10-26

Reading note: this technology, Industrial control host software reinforcement method and system, was designed and created by 张友平 on 2021-09-22. Its main content is as follows. The application relates to an industrial control host software reinforcement method and system, applied in the field of software security protection. The method comprises: scanning disk information and establishing a whitelist database according to the scan result; if process data applying to run lies outside the whitelist database, sending and displaying a pop-up interface corresponding to the process data; receiving verification information input by the user and judging its validity according to a preset legal database; if the verification information is valid and the user selects the allow area, allowing the process data to run normally and closing the pop-up interface; and if the verification information is valid and the user selects the reject area, rejecting the running of the process data and closing the pop-up interface. The technical effect of the application is that the whitelist database matches and fits the industrial control host software closely, so that unpermitted process data can be intercepted effectively, improving the security of the industrial control host software.

1. A method for reinforcing industrial control host software, characterized by comprising the following steps:

scanning the disk information of the industrial control host in an initial state, and acquiring all process data in the disk information according to the scan result;

establishing a whitelist database according to the process data, wherein the whitelist database comprises all process data corresponding to the disk information in the initial state;

if the process data applying to run is located in the whitelist database, allowing the process data to run normally; if the process data applying to run is located outside the whitelist database, sending and displaying a pop-up interface corresponding to the process data, wherein the pop-up interface comprises an identity verification area for the user to input verification information, and an allow area and a reject area for the user to select;

receiving the verification information input by the user and judging the validity of the verification information according to a preset legal database; if the verification information is valid and the user's selection is the allow area, allowing the process data to run normally and closing the pop-up interface; and if the verification information is valid and the user's selection is the reject area, rejecting the running of the process data and closing the pop-up interface.

2. The method of claim 1, wherein after allowing the process data to run normally and closing the pop-up interface if the verification information is valid and the user's selection is the allow area, the method further comprises:

adding the allowed process data to a preset database to be adjusted and recording the number of times the process data has been allowed;

and when the number of times certain process data has been allowed reaches a preset first standard value, adding the process data to the whitelist database.

3. The method of claim 1, wherein after rejecting the running of the process data and closing the pop-up interface if the verification information is valid and the user's selection is the reject area, the method further comprises:

adding the rejected process data to a preset database to be adjusted and recording the number of times the process data has been rejected;

when the number of times certain process data has been rejected reaches a preset second standard value, adding the process data to a preset blacklist database;

and wherein sending and displaying the pop-up interface corresponding to the process data comprises:

querying whether the process data is located in the blacklist database;

if the process data is located in the blacklist database, directly rejecting the process data;

and if the process data is located outside the blacklist database, sending and displaying the pop-up interface corresponding to the process data.

4. The method of claim 1, wherein after receiving the verification information input by the user and judging the validity of the verification information according to the preset legal database, the method further comprises:

if the verification information is invalid, recording the number of times the verification information input by the current user has been invalid;

when the number of times the verification information has been invalid reaches a preset first safety value, locking the identity verification area and photographing the operator console with a camera device to obtain image information;

and storing the image information in a preset abnormal database.

5. The method of claim 4, wherein storing the image information in the preset abnormal database comprises:

identifying whether the image information contains portrait information; if so, storing the image information in the preset abnormal database; otherwise, querying a preset legal information database for the contact method corresponding to the current user, and sending alarm information about the abnormal account to the current user via that contact method.

6. The method of claim 1, further comprising, after sending and displaying the pop-up interface corresponding to the process data:

recording the number of pop-up interfaces displayed simultaneously;

and when the number of simultaneously displayed pop-up interfaces reaches a preset second safety value, closing the earliest of the existing pop-up interfaces and rejecting the process data corresponding to the closed pop-up.

7. The method of claim 1, further comprising, after sending and displaying the pop-up interface corresponding to the process data:

recording the number of pop-up interfaces displayed within a preset period;

and if the number of pop-up interfaces displayed within the preset period exceeds a preset reasonable value, closing the pop-up interfaces displayed within the preset period and rejecting the process data corresponding to the closed pop-ups.

8. An industrial control host software reinforcement system, characterized in that the system comprises:

a disk information scanning module (310) for scanning the disk information of the industrial control host in an initial state and acquiring all process data in the disk information according to the scan result;

a database establishing module (320) for establishing a whitelist database according to the process data, wherein the whitelist database comprises all process data corresponding to the current disk information;

a pop-up data management module (330) for allowing the process data to run normally if the process data applying to run is located in the whitelist database, and, if the process data applying to run is located outside the whitelist database, sending and displaying a pop-up interface corresponding to the process data, wherein the pop-up interface comprises an identity verification area for the user to input verification information, and an allow area and a reject area for the user to select;

and a process data management module (340) for receiving the verification information input by the user and judging the validity of the verification information according to a preset legal database; if the verification information is valid and the user's selection is the allow area, allowing the process data to run normally and closing the pop-up interface; and if the verification information is valid and the user's selection is the reject area, rejecting the running of the process data and closing the pop-up interface.

9. A computer device comprising a memory and a processor, the memory having stored thereon a computer program that can be loaded by the processor and that executes the method according to any of claims 1 to 7.

10. A computer-readable storage medium, in which a computer program is stored which can be loaded by a processor and which executes the method of any one of claims 1 to 7.

Technical Field

The application relates to the technical field of software safety protection, in particular to a method and a system for reinforcing industrial control host software.

Background

With the promotion of the national manufacturing-power strategy and the deep integration of informatization and industrialization, industrial control systems face ever higher risks and an ever more severe situation. Because the industrial control network is a closed environment with no direct connection to the Internet, the terminal operating system is difficult to upgrade; at the same time, enterprises are reluctant to upgrade for the sake of system stability and service continuity, and systems generally stay in service for a long time, so a large number of security vulnerabilities accumulate over the system's lifetime.

In the course of implementing the application, the inventor found at least the following problem in the existing technology: because the industrial control network is a closed environment that is not connected to the Internet, traditional antivirus software is hard to apply to the security protection of industrial control host software owing to compatibility problems, false-positive rates and similar issues, so the security of the industrial control terminal is poor, which in turn poses a significant safety hazard to production.

Disclosure of Invention

In order to improve the safety of industrial control host software, the application provides a method and a system for strengthening the industrial control host software.

In a first aspect, the application provides a method for reinforcing industrial control host software, which adopts the following technical scheme. The method comprises the following steps: scanning the disk information of the industrial control host in an initial state, and acquiring all process data in the disk information according to the scan result;

establishing a whitelist database according to the process data, wherein the whitelist database comprises all process data corresponding to the disk information in the initial state;

if the process data applying to run is located in the whitelist database, allowing the process data to run normally; if the process data applying to run is located outside the whitelist database, sending and displaying a pop-up interface corresponding to the process data, wherein the pop-up interface comprises an identity verification area for the user to input verification information, and an allow area and a reject area for the user to select;

receiving the verification information input by the user and judging the validity of the verification information according to a preset legal database; if the verification information is valid and the user's selection is the allow area, allowing the process data to run normally and closing the pop-up interface; and if the verification information is valid and the user's selection is the reject area, rejecting the running of the process data and closing the pop-up interface.

With this technical scheme, a secure whitelist database matching the current industrial control host software is created in an offline environment by scanning the local disk, and is used to intercept unauthorized processes. Because the whitelist database is derived from the scanned disk information, it matches and fits the current industrial control host software closely, so unauthorized process data can be intercepted effectively and the security of the industrial control host software is improved. At the same time, for process data that does not belong to the whitelist database, users with the required authority can allow or reject the current process data according to the actual situation, which keeps the industrial control host software running smoothly; and because only users with authority can manage processes, the security of the industrial control host software is further enhanced.

Preferably, after allowing the process data to run normally and closing the pop-up interface if the verification information is valid and the user's selection is the allow area, the method further comprises:

adding the allowed process data to a preset database to be adjusted and recording the number of times the process data has been allowed;

and when the number of times certain process data has been allowed reaches a preset first standard value, adding the process data to the whitelist database.

With this technical scheme, allowed process data is stored in the database to be adjusted. If the number of times certain process data in the database to be adjusted has been allowed reaches the first standard value, that is, a user with authority has allowed the process to run many times, the process is judged to be a legitimate process and its process data is moved from the database to be adjusted into the whitelist database, so that the whitelist database is updated offline according to the user's actual operating behaviour. At the same time, the database to be adjusted isolates process data awaiting review from the whitelist database: process data that has not reached the standard is not added to the whitelist database, which reduces the possibility that the whitelist database is polluted by an operator mistakenly approving some abnormal process data, and thus further improves the security of the whitelist database.

Preferably, after rejecting the running of the process data and closing the pop-up interface if the verification information is valid and the user's selection is the reject area, the method further comprises:

adding the rejected process data to a preset database to be adjusted and recording the number of times the process data has been rejected;

when the number of times certain process data has been rejected reaches a preset second standard value, adding the process data to a preset blacklist database;

and sending and displaying the pop-up interface corresponding to the process data comprises:

querying whether the process data is located in the blacklist database;

if the process data is located in the blacklist database, directly rejecting the process data;

and if the process data is located outside the blacklist database, sending and displaying the pop-up interface corresponding to the process data.

With this technical scheme, rejected process data is stored in the database to be adjusted. If the number of times certain process data in the database to be adjusted has been rejected reaches the second standard value, that is, a user with authority has rejected the process multiple times, the process is judged to be an illegitimate process and its process data is moved from the database to be adjusted into the blacklist database; when that process data applies to run again, its run request is rejected automatically. The blacklist database is thus built automatically from the user's actual operating behaviour, the number of processes the user must handle is reduced, and the user's operation becomes more convenient. At the same time, because the rejected process data is kept in the database to be adjusted, the user can quickly find it there, which reduces the risk that a mistaken rejection is hard to undo and improves operational flexibility.

Preferably, after receiving the verification information input by the user and judging the validity of the verification information according to the preset legal database, the method further comprises:

if the verification information is invalid, recording the number of times the verification information input by the current user has been invalid;

when the number of times the verification information has been invalid reaches a preset first safety value, locking the identity verification area and photographing the operator console with a camera device to obtain image information;

and storing the image information in a preset abnormal database.

With this technical scheme, when a user's account information fails verification multiple times, the identity verification area for that user is locked automatically so that the current user cannot continue attempting verification; this reduces the possibility that an attacker obtains a verified identity by guessing passwords, and further improves the security of the industrial control host software. Photographing the operator console to obtain image information when the verification area is locked serves as evidence collection: if an account is locked without the user's knowledge, the reason for the lock can be found quickly by reviewing the image captured at the moment of locking.

Preferably, storing the image information in the preset abnormal database comprises:

identifying whether the image information contains portrait information; if so, storing the image information in the preset abnormal database; otherwise, querying a preset legal information database for the contact method corresponding to the current user, and sending alarm information about the abnormal account to the current user via that contact method.

With this technical scheme, before the image information is stored, it is checked for portrait information, that is, whether anyone was present at the operator console when the identity verification area was locked; only image data containing portrait information is stored in the abnormal database, which reduces the amount of useless data in the abnormal database and relieves the system's memory pressure. When no portrait information is present, the system automatically judges that an attacker is trying to obtain a verified identity by remote means, and sends alarm information to the user via the queried contact method, reminding the user to change the targeted identity information promptly and reduce the risk of information leakage.

Preferably, after sending and displaying the pop-up interface corresponding to the process data, the method further comprises:

recording the number of pop-up interfaces displayed simultaneously;

and when the number of simultaneously displayed pop-up interfaces reaches a preset second safety value, closing the earliest of the existing pop-up interfaces and rejecting the process data corresponding to the closed pop-up.

With this technical scheme, when the number of simultaneously displayed pop-up interfaces is large, that is, an abnormal number of pop-up interfaces has accumulated, the second safety value causes the earliest pop-up interface to be closed automatically and the process data corresponding to the closed pop-up to be rejected. This reduces the possibility that a large number of pop-ups raised during an external malicious attack overload the system and bring the industrial control host software down, reduces the security risk introduced by the protection process itself, and thereby further improves the security of the industrial control host software.

Preferably, after sending and displaying the pop-up interface corresponding to the process data, the method further comprises:

recording the number of pop-up interfaces displayed within a preset period;

and if the number of pop-up interfaces displayed within the preset period exceeds a preset reasonable value, closing the pop-up interfaces displayed within the preset period and rejecting the process data corresponding to the closed pop-ups.

With this technical scheme, when a large number of pop-up interfaces appear within a preset period, that is, an abnormal number of pop-ups appear in a short time, the pop-up interfaces displayed within the preset period are closed automatically and the process data corresponding to the closed pop-ups is rejected. This reduces the possibility that a sudden burst of pop-up data caused by an external malicious attack crashes the industrial control host software through a short-term surge in processing load, reduces the security risk introduced by the protection process itself, and further improves the security of the industrial control host software.
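The lockout and pop-up limiting rules of the preceding preferred embodiments (invalid-credential counting with console capture, the simultaneous pop-up cap, and the per-period cap), as an added example that is not the patent's or the inventor's own code. It assumes a monotonic timestamp is passed in by the caller, that the camera, portrait detector and alarm channel are callbacks, and that pop-ups are keyed by a process identifier; threshold names follow the text.

```python
"""Added example, not from the patent: the pop-up path safeguards of claims 4-7."""
from collections import deque
from typing import Callable, Deque, Dict, List, Tuple


class AuthLockout:
    """Claims 4 and 5: count invalid credentials per account, lock the identity
    verification area at first_safety_value and collect evidence."""

    def __init__(self, first_safety_value: int,
                 capture: Callable[[], bytes],              # camera device (assumed callback)
                 has_portrait: Callable[[bytes], bool],     # portrait detector (assumed callback)
                 contacts: Dict[str, str],                  # legal information database: account -> contact
                 send_alarm: Callable[[str, str], None]) -> None:
        self.first_safety_value = first_safety_value
        self.capture, self.has_portrait = capture, has_portrait
        self.contacts, self.send_alarm = contacts, send_alarm
        self.failures: Dict[str, int] = {}
        self.locked: set = set()
        self.abnormal_db: List[Tuple[str, bytes]] = []     # preset abnormal database

    def record_failure(self, account: str) -> bool:
        """Register one invalid verification; return True when the account is locked."""
        if account in self.locked:
            return True
        n = self.failures[account] = self.failures.get(account, 0) + 1
        if n < self.first_safety_value:
            return False
        self.locked.add(account)
        image = self.capture()                              # photograph the operator console
        if self.has_portrait(image):
            self.abnormal_db.append((account, image))      # someone was at the console: keep evidence
        else:
            # nobody at the console: treated as a remote attempt, alert the account owner
            contact = self.contacts.get(account)
            if contact:
                self.send_alarm(contact, f"abnormal verification attempts on account {account}")
        return True


class PopupLimiter:
    """Claims 6 and 7: bound the number of open pop-ups and the number raised
    per period; every pop-up the limiter closes has its process rejected."""

    def __init__(self, second_safety_value: int, reasonable_value: int, period: float) -> None:
        self.second_safety_value = second_safety_value
        self.reasonable_value = reasonable_value
        self.period = period
        self.open: Deque[Tuple[float, str]] = deque()      # (raised_at, process id), oldest first
        self.raised: Deque[float] = deque()                 # raise timestamps inside the current period
        self.rejected: List[str] = []

    def raise_popup(self, now: float, process_id: str) -> List[str]:
        """Register a new pop-up; return the process ids rejected as a consequence."""
        rejected_now: List[str] = []
        self.open.append((now, process_id))
        self.raised.append(now)
        # claim 6: too many open at once -> close the earliest one
        if len(self.open) >= self.second_safety_value:
            _, oldest = self.open.popleft()
            rejected_now.append(oldest)
        # claim 7: too many within the period -> close every pop-up raised in the period
        while self.raised and now - self.raised[0] > self.period:
            self.raised.popleft()
        if len(self.raised) > self.reasonable_value:
            cutoff = now - self.period
            survivors: Deque[Tuple[float, str]] = deque()
            for ts, pid in self.open:
                if ts >= cutoff:
                    rejected_now.append(pid)
                else:
                    survivors.append((ts, pid))
            self.open = survivors
            self.raised.clear()
        self.rejected.extend(rejected_now)
        return rejected_now

    def resolve(self, process_id: str) -> None:
        """The operator answered a pop-up, so it no longer counts as open."""
        self.open = deque(item for item in self.open if item[1] != process_id)
```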

In a second aspect, the application provides an industrial control host software reinforcement system, which adopts the following technical scheme. The system comprises: a disk information scanning module for scanning the disk information of the industrial control host in an initial state and acquiring all process data in the disk information according to the scan result;

a database establishing module for establishing a whitelist database according to the process data, wherein the whitelist database comprises all process data corresponding to the current disk information;

a pop-up data management module for allowing the process data to run normally if the process data applying to run is located in the whitelist database, and, if the process data applying to run is located outside the whitelist database, sending and displaying a pop-up interface corresponding to the process data, wherein the pop-up interface comprises an identity verification area for the user to input verification information, and an allow area and a reject area for the user to select;

and a process data management module for receiving the verification information input by the user and judging the validity of the verification information according to a preset legal database; if the verification information is valid and the user's selection is the allow area, allowing the process data to run normally and closing the pop-up interface; and if the verification information is valid and the user's selection is the reject area, rejecting the running of the process data and closing the pop-up interface.

With this technical scheme, a secure whitelist database matching the current industrial control host software is created in an offline environment by scanning the local disk and is used to intercept unauthorized processes; since the whitelist database is derived from the scanned disk information, it matches and fits the current industrial control host software closely, so unauthorized process data can be intercepted effectively and the security of the industrial control host software is improved. At the same time, for process data outside the whitelist database, users with the required authority can allow or reject the current process data according to the actual situation, which keeps the industrial control host software running smoothly, and because only users with authority can manage processes, the security of the industrial control host software is further enhanced.

In a third aspect, the present application provides a computer device, which adopts the following technical solution: the computer device comprises a memory and a processor, the memory storing a computer program that can be loaded by the processor and that executes any one of the industrial control host software reinforcement methods described above.

In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solution: the storage medium stores a computer program that can be loaded by a processor and that executes any one of the industrial control host software reinforcement methods described above.

In summary, the present application includes at least one of the following beneficial technical effects:

1. A secure whitelist database matching the current industrial control host software is created in an offline environment by scanning the local disk and is used to intercept unauthorized processes; because the whitelist database is derived from the scanned disk information, it matches and fits the current industrial control host software closely, so unauthorized process data can be intercepted effectively and the security of the industrial control host software is improved;

2. Allowed process data is stored in the database to be adjusted; if the number of times certain process data in the database to be adjusted has been allowed reaches the first standard value, that is, a user with authority has allowed the process to run multiple times, the process is judged to be legitimate and its process data is moved from the database to be adjusted into the whitelist database, so that the whitelist database is updated offline according to the user's actual operating behaviour;

3. Rejected process data is stored in the database to be adjusted; if the number of times certain process data in the database to be adjusted has been rejected reaches the second standard value, that is, a user with authority has rejected the process multiple times, the process is judged to be illegitimate and its process data is moved from the database to be adjusted into the blacklist database, after which any further run request from that process data is rejected automatically. The blacklist database is thus built automatically from the user's actual operating behaviour, the number of processes the user must handle is reduced, and the user's operation becomes more convenient.

Drawings

FIG. 1 is a flowchart illustrating a method for reinforcing industrial control host software according to an embodiment of the present disclosure.

Fig. 2 is an interface schematic diagram of a pop-up box in an embodiment of the present application.

FIG. 3 is a block diagram illustrating an architecture of a system for reinforcing industrial control host software according to an embodiment of the present disclosure.

Reference numerals: 310. a disk information scanning module; 320. a database establishing module; 330. a bullet frame data management module; 340. and a process data management module.

Detailed Description

The present application is described in further detail below with reference to figures 1-3.

The embodiment of the application discloses a method for reinforcing industrial control host software; the method is based on an industrial control host system, and a carrier of the industrial control host system can be a computer; the computer runs with industrial control host software, the running state of the host software is displayed through the display screen of the computer, a user can know the running state and running result of the industrial control host software according to the display of the display screen, and the operation and control of the industrial control host software can be realized through external equipment such as a mouse or a keyboard.

As shown in fig. 1, the method comprises the steps of:

and S10, scanning the disk information and establishing a white list database according to the scanning result.

Specifically, when the industrial control host is in its initial state, that is, when it is put into use for the first time, disk scanning is used to quickly scan the disk information of the industrial control host and obtain the process data that must run during the host's normal operation; the obtained process data is then stored separately to establish the whitelist database. The whitelist database contains all process data corresponding to the current disk information, that is, every process that needs to run is recorded in the whitelist database.

And S20, judging whether the process data applied for operation is located in the white list database.

Specifically, if the process data currently applying to run is located in the whitelist database, it is allowed to run normally so that the industrial control host software can work as usual. If the process data applying to run is located outside the whitelist database, it is judged to be unknown process data; the pop-up interface information corresponding to the process data is sent to the display screen, which displays it. As shown in fig. 2, the pop-up interface includes an identity verification area for the user to input verification information, and an allow area and a reject area for the user to select.

And S30, verifying the identity of the user and managing the process data according to the area selected by the user.

After a user inputs an account and a password in an identity authentication area through a keyboard, the user can upload filled data in a mode of clicking an Enter key, after receiving identity authentication information, a computer can authenticate the received identity authentication information according to a preset legal database, the legal database stores the account and the corresponding password with the authority in advance, if the account and the password which are consistent with the received identity authentication information are inquired in the legal database, the current user is judged to have the authority, and otherwise, the current user is judged not to have the authority. Receiving the region information selected by clicking of a user through a mouse aiming at the user with the authority, and if the user selects an allowable region, allowing the current process data to normally run and closing a popup frame interface; if the user selects the rejection area, rejecting the operation of the process data and closing the popup frame interface; in the actual operation process, the user can judge according to the actual situation, for example, if the current process is a safety process which is definitely known by the user, the user can choose to allow the process, otherwise, the user can choose to reject the process to ensure the safety of the system.

A white list database corresponding to the current industrial control host software is created in an offline environment by scanning the local disk and is used to intercept unauthorized processes, which achieves the effect of security-hardening the industrial control host software. Because the white list database is derived from the scanned disk information, it matches and fits the current industrial control host software closely and can effectively intercept process data that is not permitted, thereby improving the security of the industrial control host software. At the same time, only users holding the authority can manage processes, which reduces the possibility of unrelated personnel interfering with the running of process data and further improves the security of the industrial control host software.

In one embodiment, considering that the white list database is difficult to update over a network when the industrial control host software is always working offline, after the user selects the allow area and the current process data is allowed to run normally, the allowed process data can be added to a preset database to be adjusted and the number of times it has been allowed is recorded; when the accumulated number of times the user has allowed a given process data in the database to be adjusted reaches a preset first standard value, that process data is added to the white list database. For example, if the preset first standard value is 3 and the run requests of a certain process data have been allowed by the user's clicks 3 times in total, the process is judged to be a legitimate process and its process data is added to the white list database. The safety of process data is thus judged by recording the user's actual operations: once a certain process data has been verified as safe by the user several times, it is added to the white list database automatically, which achieves the effect of automatically updating and completing the white list database in the offline state. The updated content matches the current industrial control host software closely, the white list database keeps improving as usage time passes, the need for the user to repeatedly verify process data already known to be safe is reduced, and the convenience of actual operation is improved.

In one embodiment, considering that the number of processes requiring the user's judgment would otherwise keep growing over time, leaving the user with more and more process data to verify at later stages, after the user selects the reject area and the process data is refused, the rejected process data can be added to the preset database to be adjusted and the number of times it has been rejected is recorded; when the accumulated number of times the user has rejected a given process data in the database to be adjusted reaches a preset second standard value, that process data is added to a preset blacklist database. For example, if the preset second standard value is 2 and the run requests of a certain process data have been rejected by the user's clicks 2 times in total, the process is judged to be an illegitimate process and its process data is added to the blacklist database. Storing and counting rejected process data in the database to be adjusted, rather than blacklisting on the first rejection, reduces the possibility that process data which is in fact legitimate becomes hard to find again after the user rejects it by mistake, and so improves the user's fault tolerance during operation.

After the blacklist database has been created, the step of sending and displaying the pop-up box interface corresponding to the process data can be further carried out as follows: if the process data currently requesting to run is outside the white list database, first determine whether it is in the blacklist database; if it is, directly refuse its run request; if it is outside the blacklist database, that is, the process data requesting to run is in neither the white list database nor the blacklist database, send and display the pop-up box interface corresponding to the process data so that a user holding the authority can judge its legitimacy interactively. Process data rejected many times is added to the blacklist database by recording the user's actual operations, and process data in the blacklist database is refused automatically, which reduces the number of processes the user has to handle and improves convenience of operation.
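The decision logic of steps S20 and S30 together with the two-counter promotion and demotion described above (white list, blacklist, database to be adjusted with a first and second standard value) is shown below as an added example in Python; it is not code from the patent. The page identifies processes only as "process data obtained by scanning the disk"; this example assumes a process is identified by its executable path plus a SHA-256 of its contents, so that a binary replaced in place no longer matches its white list entry. `ProcessPolicy`, `fingerprint` and the sample paths are names chosen for this example, and the two "binaries" are constructed byte strings.

```python
"""White list / blacklist / pending-counter decision logic (added example, not the patent's code)."""
from dataclasses import dataclass, field
from enum import Enum
import hashlib


class Decision(Enum):
    ALLOW = "allow"    # run without prompting
    DENY = "deny"      # refuse without prompting
    PROMPT = "prompt"  # show the pop-up box to a user holding the authority


def fingerprint(path: str, content: bytes) -> str:
    """Identify process data by executable path plus a content hash (assumption of this example)."""
    return f"{path}|{hashlib.sha256(content).hexdigest()}"


@dataclass
class ProcessPolicy:
    first_standard: int = 3   # allows before promotion to the white list
    second_standard: int = 2  # rejections before demotion to the blacklist
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    allow_counts: dict = field(default_factory=dict)   # the "database to be adjusted"
    reject_counts: dict = field(default_factory=dict)

    @classmethod
    def from_disk_scan(cls, scanned: dict, **kw) -> "ProcessPolicy":
        """Initial state: every executable found by the disk scan forms the white list."""
        policy = cls(**kw)
        policy.whitelist = {fingerprint(p, c) for p, c in scanned.items()}
        return policy

    def decide(self, fp: str) -> Decision:
        """S20 with the blacklist check: white list first, then blacklist, else unknown."""
        if fp in self.whitelist:
            return Decision.ALLOW
        if fp in self.blacklist:
            return Decision.DENY
        return Decision.PROMPT

    def record_user_choice(self, fp: str, allowed: bool) -> Decision:
        """S30 outcome chosen by an authorised user; promote or demote once a count
        reaches its standard value, then drop the pending counter."""
        if allowed:
            n = self.allow_counts.get(fp, 0) + 1
            self.allow_counts[fp] = n
            if n >= self.first_standard:
                self.whitelist.add(fp)
                self.allow_counts.pop(fp, None)
            return Decision.ALLOW
        n = self.reject_counts.get(fp, 0) + 1
        self.reject_counts[fp] = n
        if n >= self.second_standard:
            self.blacklist.add(fp)
            self.reject_counts.pop(fp, None)
        return Decision.DENY


# Constructed sample data: two executables "found on disk" and two unknown binaries.
SCANNED = {"C:/ics/hmi.exe": b"hmi-binary", "C:/ics/plc_bridge.exe": b"bridge-binary"}
UPDATER = fingerprint("C:/temp/update.exe", b"unsigned-updater")
MINER = fingerprint("C:/temp/miner.exe", b"cryptominer")


def demo() -> list:
    """Allow one unknown process three times, reject another twice; return the decisions seen."""
    policy = ProcessPolicy.from_disk_scan(SCANNED)
    trace = [policy.decide(fingerprint("C:/ics/hmi.exe", b"hmi-binary")).value]
    for _ in range(3):
        trace.append(policy.decide(UPDATER).value)   # prompt each time until promoted
        policy.record_user_choice(UPDATER, allowed=True)
    trace.append(policy.decide(UPDATER).value)       # now on the white list
    for _ in range(2):
        trace.append(policy.decide(MINER).value)
        policy.record_user_choice(MINER, allowed=False)
    trace.append(policy.decide(MINER).value)         # now on the blacklist
    return trace


if __name__ == "__main__":
    print(demo())
```

Because the white list entry carries a content hash, a white-listed path whose file has been overwritten falls back to the pop-up box instead of running silently; a path-only white list would not give that protection.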

In one embodiment, considering that an unauthorized person may obtain the verification authority by guessing the password, the following steps can be carried out after the verification information entered by the user has been received and its validity judged against the preset legal database: if the verification result is illegal, record the number of times the verification information entered by the current user has been illegal; when that number reaches a preset first safety value, lock the identity verification area so that the current user cannot continue the verification operation. This reduces the possibility of an attacker obtaining the verification authority by repeatedly trying to guess the password and further improves the security of the industrial control host software.
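The verification step against the legal database and the lockout after a first safety value of illegal attempts, as an added Python example that is not the patent's code. The page only says the legal database "stores the account and the corresponding password"; this example assumes the stored form is a salted PBKDF2 hash compared in constant time, which is the practice a practitioner would want rather than something the page specifies. It counts failures per account but locks the whole verification area, as the page describes, and the `capture` callback standing in for the camera of the following paragraphs is hypothetical.

```python
"""Identity verification with a lockout counter (added example, not the patent's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ITERATIONS = 100_000  # PBKDF2 work factor; an assumption of this example


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple:
    """Build a (salt, derived key) entry for the legal database."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


@dataclass
class Authenticator:
    legal_db: dict                 # account -> (salt, derived key)
    first_safety: int = 5          # illegal attempts before the area is locked
    failures: dict = field(default_factory=dict)
    locked: bool = False           # the whole verification area locks, as on the page
    evidence: list = field(default_factory=list)   # the "abnormal database"

    def verify(self, account: str, password: str, capture=lambda: None) -> str:
        """Return 'legal', 'illegal' or 'locked'."""
        if self.locked:
            return "locked"
        record = self.legal_db.get(account)
        # Always run the derivation so an unknown account costs the same time as a wrong password.
        salt, key = record if record else (b"\0" * 16, b"\0" * 32)
        ok = hmac.compare_digest(_derive(password, salt), key) and record is not None
        if ok:
            self.failures.pop(account, None)
            return "legal"
        n = self.failures.get(account, 0) + 1
        self.failures[account] = n
        if n >= self.first_safety:
            self.locked = True
            frame = capture()          # hypothetical camera shot of the keyboard area
            if frame is not None:
                self.evidence.append((account, frame))
            return "locked"
        return "illegal"


# Constructed sample legal database with a single authorised account.
LEGAL_DB = {"operator": make_record("correct horse")}


def demo() -> list:
    """Three wrong passwords lock the area; the right password is then refused too."""
    auth = Authenticator(LEGAL_DB, first_safety=3)
    results = [auth.verify("operator", "wrong") for _ in range(3)]
    results.append(auth.verify("operator", "correct horse"))
    return results


if __name__ == "__main__":
    print(demo())
```

Once locked, even the correct password is refused until an authorised user clears the lock out of band; the page does not describe the unlock path, so none is shown here.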

When the identity verification area is locked, a camera mounted on the computer display screen can photograph the keyboard operating area to obtain image information, which is then stored in a preset abnormal database. This provides evidence of the abnormal event: a user holding the authority can quickly learn why the verification area was locked by viewing the captured images in the abnormal database and then make the appropriate adjustment. For example, if the images show that the area was locked because an intruder was guessing passwords, physical security can be tightened to reduce such intrusions, which further improves the security of the industrial control host software.

In one embodiment, considering that an unauthorized person may try to steal a user's identity rights through remote operation, the step of storing the captured image information in the preset abnormal database can be carried out as follows. First, face recognition is used to determine whether the captured image contains a portrait. If it does, an operator really was present in front of the display screen, and the image, which now records that specific operator, is stored in the preset abnormal database for later review and evidence collection. If it contains no portrait, no operator was present in front of the display screen, and it is judged that an attacker is attempting to obtain the verification identity by remote means; in that case the contact information corresponding to the current account is looked up in a preset legal information database, which stores in advance the accounts of all users holding the authority together with their contact information, for example their mobile phone numbers, and an alarm message about the account anomaly is sent to that user through the retrieved contact information to prompt a password change. It should be noted that if the account entered by the attacker cannot be found in the legal information database, no alarm message is sent. For images judged to result from a remote attack, the step of adding them to the abnormal database is skipped, which reduces the amount of useless data in the abnormal database.

In one embodiment, considering that under a malicious attack a flood of run requests from illegitimate process data may leave the user unable to cope, after the pop-up box interfaces corresponding to the process data are sent and displayed, the number of pop-up box interfaces displayed at the same time can be recorded; when that number reaches a preset second safety value, the earliest of the existing pop-up box interfaces is closed and the process data corresponding to the closed pop-up box is refused. For example, if the preset second safety value is three, at most two pop-up boxes may be displayed at the same time: when the number of simultaneous pop-up boxes reaches three, the earliest one is closed automatically and its process data is refused. Setting the second safety value reduces the possibility that a large number of pop-up boxes overloads the system and crashes the industrial control host software under a malicious attack, which further improves its security.

Further, after the pop-up box interfaces corresponding to the process data are sent and displayed, the number of pop-up box interfaces displayed within a preset period can be recorded; if that number exceeds a preset reasonable value, the pop-up box interfaces displayed within the period are closed and the corresponding process data is refused. For example, if the preset period is 0.1 second and the preset reasonable value is 2, and three pop-up boxes appear within a 0.1 second detection period, the three pop-up box interfaces are closed automatically and their process data is refused. Setting the reasonable value reduces the possibility that a sudden surge of process data requesting to run within a short time crashes the industrial control host software through short-term data impact under a malicious attack, which further improves its security.

Further, after the pop-up box interfaces corresponding to the process data are sent and displayed, the display time of each pop-up box interface can be recorded; when a pop-up box interface has been displayed continuously for a preset limit value, it is closed and the corresponding process data is refused. For example, if the preset limit value is one hour and a pop-up box interface is still open after being displayed for one hour, it is closed automatically and its process data is refused. This reduces the possibility of a pop-up box interface occupying system resources through prolonged display while nobody is operating the host, and lowers the data processing load on the industrial control host software.
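The three pop-up box limits described in the preceding paragraphs (a second safety value on simultaneous boxes, a reasonable value per preset period, and a display time limit) combined in one manager, as an added Python example that is not the patent's code. Times are passed in explicitly as seconds so the behaviour can be exercised without waiting; `PopupManager` and the process identifiers are names chosen for this example, and the default values are the ones the page uses (three, 0.1 s / 2, one hour).

```python
"""Pop-up box flood controls (added example, not the patent's code)."""
from collections import OrderedDict


class PopupManager:
    def __init__(self, second_safety=3, period=0.1, reasonable=2, limit=3600.0):
        self.second_safety = second_safety  # simultaneous count that closes the earliest box
        self.period = period                # detection window in seconds
        self.reasonable = reasonable        # boxes tolerated within one window
        self.limit = limit                  # seconds a single box may stay open
        self.open = OrderedDict()           # process id -> time shown, in display order
        self.recent = []                    # show times inside the current window
        self.rejected = []                  # process ids refused by these controls

    def _reject(self, pid):
        self.open.pop(pid, None)
        self.rejected.append(pid)

    def expire(self, now):
        """Display time limit: close and refuse any box open for at least `limit` seconds."""
        for pid, shown_at in list(self.open.items()):
            if now - shown_at >= self.limit:
                self._reject(pid)

    def show(self, pid, now) -> str:
        """Display a box for `pid` at time `now`; return which control, if any, fired."""
        self.expire(now)
        self.open[pid] = now
        # Per-period check: more than `reasonable` boxes in the window closes all of them.
        self.recent = [t for t in self.recent if now - t < self.period] + [now]
        if len(self.recent) > self.reasonable:
            for p in [p for p, t in self.open.items() if now - t < self.period]:
                self._reject(p)
            self.recent = []
            return "burst-rejected"
        # Simultaneous check: reaching `second_safety` closes the earliest box.
        if len(self.open) >= self.second_safety:
            oldest = next(iter(self.open))
            self._reject(oldest)
            return f"oldest-rejected:{oldest}"
        return "shown"

    def answer(self, pid):
        """The authorised user chose allow or reject, so the box is simply closed."""
        self.open.pop(pid, None)


def demo() -> dict:
    """Exercise each control with constructed timestamps."""
    m = PopupManager()
    simultaneous = [m.show("p1", 0.0), m.show("p2", 1.0), m.show("p3", 2.0)]
    m.answer("p2")
    m.answer("p3")
    burst = [m.show(f"b{i}", 10.0 + i * 0.01) for i in range(3)]
    timeout = [m.show("t1", 100.0), m.show("t2", 100.0 + 3600.0)]
    return {"simultaneous": simultaneous, "burst": burst,
            "timeout": timeout, "rejected": m.rejected}


if __name__ == "__main__":
    print(demo())
```

Note that the burst check runs before the simultaneous check, so a flood inside one window is refused as a whole rather than one box at a time; a box the user has answered is removed from the count and is never refused by the timeout.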

The implementation principle of the embodiments of the application is as follows: a trusted white list database corresponding to the current industrial control host software is created in an offline environment by scanning the local disk and is used to intercept unauthorized processes; because the white list database is derived from the scanned disk information, it matches and fits the current industrial control host software closely, so process data that is not permitted can be intercepted effectively and the security of the industrial control host software is improved. For process data outside the white list database, users holding the authority can allow or reject it according to the actual situation, which keeps the industrial control host software running smoothly; and because only users holding the authority can manage processes, the security of the industrial control host software is further strengthened.

Based on the method, the embodiment of the application also discloses an industrial control host software reinforcement system.

As shown in fig. 3, the system includes the following modules:

the disk information scanning module 310 is configured to scan disk information of the industrial control host in an initial state and obtain all process data in the disk information according to a scanning result;

the database establishing module 320 is configured to establish a white list database according to the process data, where the white list database includes all process data corresponding to the current disk information;

the pop-up box data management module 330 is configured to allow the process data to run normally if the process data requesting to run is in the white list database, and, if the process data requesting to run is outside the white list database, to send and display a pop-up box interface corresponding to the process data, where the pop-up box interface includes an identity verification area for the user to enter verification information, and an allow area and a reject area for the user to select;

the process data management module 340 is configured to receive the verification information entered by the user and judge its validity according to a preset legal database; if the verification information is legal and the user selects the allow area, allow the process data to run normally and close the pop-up box interface; and if the verification information is legal and the user selects the reject area, refuse the process data and close the pop-up box interface.

In one embodiment, the process data management module 340 is further configured to add the allowed process data to a preset database to be adjusted and record the number of times the process data is allowed; and when the allowed times of certain process data reach a preset first standard value, adding the process data to a white list database.

In one embodiment, the process data management module 340 is further configured to add the rejected process data to a preset database to be adjusted and record the number of times that the process data is rejected; and when the rejection frequency of certain process data reaches a preset second standard value, adding the process data into a preset blacklist database.

The pop-up box data management module 330 is further configured to query whether the process data is in the blacklist database; if so, directly refuse the process data; and if the process data is outside the blacklist database, send and display the pop-up box interface corresponding to the process data.

In one embodiment, the process data management module 340 is further configured to, if the verification information is illegal, record the number of times the verification information entered by the current user has been illegal; when that number reaches a preset first safety value, lock the identity verification area and photograph the operating area with a camera device to obtain image information; and store the image information in a preset abnormal database.

In one embodiment, the process data management module 340 is further configured to identify whether the image information includes portrait information; if yes, storing the image information into a preset abnormal database; otherwise, a contact way corresponding to the current user is correspondingly inquired in a preset legal information database, and alarm information related to the abnormal account number is sent to the current user according to the contact way.

In one embodiment, the pop-up box data management module 330 is further configured to record the number of pop-up box interfaces displayed at the same time; when that number reaches a preset second safety value, close the earliest of the existing pop-up box interfaces and refuse the process data corresponding to the closed pop-up box.

In one embodiment, the pop-up box data management module 330 is further configured to record the number of pop-up box interfaces displayed within a preset period; if that number exceeds a preset reasonable value, close the pop-up box interfaces displayed within the period and refuse the process data corresponding to the closed pop-up boxes.

The embodiment of the application also discloses computer equipment.

Specifically, the computer device comprises a memory and a processor, wherein the memory stores a computer program which can be loaded by the processor and executes the industrial control host software reinforcement method.

The embodiment of the application also discloses a computer readable storage medium.

Specifically, the computer-readable storage medium stores a computer program that can be loaded by a processor to execute the industrial control host software hardening method. The computer-readable storage medium includes, for example, any medium capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.

The above embodiments only explain the present invention and do not limit it; after reading this specification, those skilled in the art may modify the embodiments as needed without inventive contribution, and all such modifications are protected by patent law within the scope of the claims of the present invention.
