APPARATUS AND METHOD FOR DETECTING ANOMALITY SIGN IN CONTROLL SYSTEM
First Claim
1. An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus comprising:
- an information collection module configured to collect system information, network information, security event information or transaction information in interworking with the control equipments, network equipments, security equipments or server equipments;
storage module that stores the information collected by the information collection module; and
an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus includes an information collection module configured to collect system information, network information, security event information or transaction information in interworking with a control equipments, network equipments, security equipments or server equipments. The apparatus includes storage module that stores the information collected by the information collection module. The apparatus includes an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system.
-
Citations
12 Claims
-
1. An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus comprising:
-
an information collection module configured to collect system information, network information, security event information or transaction information in interworking with the control equipments, network equipments, security equipments or server equipments; storage module that stores the information collected by the information collection module; and an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the method comprising:
-
collecting system information, network information, security event information or transaction information in interworking with the control equipments, network equipments, security equipments or server equipments; deriving, in response to a request to detect the abnormality sign, a correlation between the collected information and a prescribed security policy; and detecting whether there is the abnormality sign based on the derived correlation. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification