Gong-kuang zidonghua (Mar 2024)

Research on mine network security system based on boundary isolation and system protection

  • HE Yinjie,
  • LI Chenxin,
  • WEI Chunxian

DOI
https://doi.org/10.13272/j.issn.1671-251x.2023100008
Journal volume & issue
Vol. 50, no. 3
pp. 14 – 21

Abstract

Read online

With the continuous construction and promotion of intelligent mining information infrastructure, the switching of mine terminal equipment between private and public networks has introduced information security risks to the mine network. It is necessary to study the isolation boundaries of the mine network and build system protection measures. The study analyzes the main risks faced by the mine network, and points out that the key to dealing with risks is to define isolation boundaries, strengthen system protection measures, and develop specific underground equipments. In response to the needs of mine network security protection, three major isolation boundaries have been defined: business management network and industrial control network, transmission network and server area, and underground industrial control network and industrial control network on the ground. A mine network security system protection architecture based on boundary isolation and system protection is proposed. A mine network security system based on network, host, application, and data subsystems protection is designed, along with corresponding security transmission processes and protection ideas. In response to the current situation where mine network security protection mainly focuses on networks on the ground and lacks underground network security protection measures, a mine explosion-proof and intrinsically safety network interface has been developed as underground network security protection equipment. Corresponding protection rules have been formulated for industrial protocols commonly used in underground terminals such as Modbus, Profibus, IEC 61850, RTSP, etc. The test results show that the average recognition rate of the interface device against network attacks is 98.8%, the average protection rate is 98.0%, and the throughput of the gigabit interface is not less than 95% of the line speed. It achieves underground information security protection function and ensures data transmission performance.

Keywords