Research on mine network security system based on boundary isolation and system protection

HE Yinjie, LI Chenxin, WEI Chunxian

Citation: HE Yinjie, LI Chenxin, WEI Chunxian. Research on mine network security system based on boundary isolation and system protection[J]. Journal of Mine Automation,2024,50(3):14-21. DOI: 10.13272/j.issn.1671-251x.2023100008

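Funding: Special Fund for Science and Technology Innovation and Entrepreneurship of Tiandi Science and Technology Co., Ltd. (2023-TD-ZD005-001, 2022-TD-ZD001, 2022-2-TD-ZD001).

About the author: HE Yinjie (born 1998), male, from Shenmu, Shaanxi; research interest: mine network security technology. E-mail: heyinjie@ccrise.cn

  • CLC number: TD655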


  • Abstract: With the continued construction and rollout of intelligent mine information infrastructure, the switching of mine terminal equipment between private and public networks introduces information security risks into the mine network, so the isolation boundaries of the mine network need to be studied and system protection measures built. The paper analyzes the main risks facing the mine network and points out that the key to addressing them is to define isolation boundaries, strengthen system protection measures, and develop dedicated underground equipment. To meet mine network security protection requirements, three major isolation boundaries are defined: between the business management network and the industrial control network, between the transmission network and the server area, and between the underground and surface industrial control networks. A mine network security protection architecture based on boundary isolation and system protection is proposed, and a mine network security system built on protection of four subsystems (network, host, application, and data) is designed, together with the corresponding secure transmission processes and protection approach. Because current mine network security protection focuses mainly on the surface network and lacks protection measures for the underground network, a mine explosion-proof and intrinsically safe network interface was developed as underground network security protection equipment, and protection rules were formulated for industrial protocols commonly used by underground terminals, such as Modbus, Profibus, IEC 61850, and RTSP. Test results show that the interface device achieves an average recognition rate of 98.8% and an average protection rate of 98.0% against network attacks, and that the throughput of the gigabit interface is no less than 95% of line rate, providing underground information security protection while maintaining data transmission performance.
  • Figure 1. Logical architecture of mine network transmission

    Figure 2. Topology of mine network security system

    Figure 3. Security transmission topology of industrial control network and business management network

    Figure 4. Security transmission topology of transmission network and server area

    Figure 5. Security transmission topology of underground terminals

    Figure 6. Design of KJJ83(A) mine explosion-proof and intrinsically safe network interface

    Figure 7. Network topology of underground integrated network security protection equipment deployment

    Figure 8. Design of KJJ83(G) mine explosion-proof and intrinsically safe network interface

    Figure 9. Network topology of underground stand-alone network security protection equipment deployment

    Figure 10. Design of security protection mechanism

    Figure 11. Test result of network attack recognition

    Figure 12. Test result of network attack protection


Publication history
  • Received: 2023-10-06
  • Revised: 2024-03-09
  • Published online: 2024-04-10
  • Issue date: 2024-03-19
