CN108737417A - A kind of vulnerability checking method towards industrial control system - Google Patents


Info

Publication number
CN108737417A
Authority
CN
China
Prior art keywords
vulnerability
data packet
industry control
protocol
agreement
Prior art date
Legal status
Pending
Application number
CN201810492275.XA
Other languages
Chinese (zh)
Inventor
周伟平
黄益彬
韩勇
茅兵
张磊
卢朝晖
郭健
Current Assignee
Nanjing University
State Grid Hebei Electric Power Co Ltd
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Gansu Electric Power Co Ltd
Original Assignee
Nanjing University
State Grid Hebei Electric Power Co Ltd
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Gansu Electric Power Co Ltd
Priority date
2018-05-16
Filing date
2018-05-16
Publication date
2018-11-02
Application filed by Nanjing University, State Grid Hebei Electric Power Co Ltd, Nari Information and Communication Technology Co, Information and Telecommunication Branch of State Grid Gansu Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26 Special purpose or proprietary protocols or architectures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a vulnerability detection method for industrial control systems. A network probe based on industrial Ethernet characteristics is run against the target environment to identify industrial control devices and capture session packets. The packets are parsed according to industrial control protocol specifications and proprietary-protocol reverse engineering techniques, and signature packets are constructed to carry out further system probing that yields specific fingerprint information. Feature comparison against a dedicated industrial control vulnerability database matches the vulnerability information of the target, and the corresponding vulnerability detection is then carried out under a policy-driven mechanism. Fuzz testing based on the weaknesses of industrial control protocols uncovers security vulnerabilities in the industrial control network and detects its security weaknesses. By performing vulnerability detection on industrial control targets, the invention discovers security risks before a network attacker does and improves the security and reliability of industrial control systems.

Description

A kind of vulnerability checking method towards industrial control system
Technical field
The invention belongs to the field of computer technology, in particular industrial control security. It provides a vulnerability detection method for industrial control systems, used to detect the security weaknesses of such systems.
Background
Industrial control systems are an important component of national critical infrastructure and are widely used in petroleum and petrochemicals, water conservancy, electric power, food processing, sewage treatment and other industrial sectors, mainly for data acquisition and production control. Early industrial control systems were physically isolated from the Internet and mostly used dedicated hardware and software, so even where security risks existed, outsiders could neither reach the systems nor carry out research on them. With the widespread adoption of computing technology in industrial environments, general-purpose computing devices and general-purpose operating systems began to be used to build industrial control systems, and industrial control protocols began to be layered on the TCP/IP protocol stack. Traditional industrial control systems have gradually lost their former closedness and exclusivity, and the threats faced by conventional Internet systems have spread into industrial control environments. The security of industrial control systems bears on economic development, social stability and national security, so security research on industrial control systems is urgent.
Weakness of industrial control systems: unlike conventional Internet systems, industrial control systems are functionally biased toward real-time performance and reliability. The overall system architecture and communication protocols did not take security into account at design time, and security policies and management rules are incomplete. Because of compatibility concerns, industrial control systems are usually neither upgraded nor patched, so a system that has run for a long time accumulates a large number of security vulnerabilities. These defects leave industrial control systems very fragile in the face of network attacks, and industry practitioners describe the state of industrial control security as "deficient by design and neglected in operation".
Vulnerability scanning refers to a security detection technique that uses scanning and other means to detect the security weaknesses of a target host or network and to discover exploitable vulnerabilities; together with firewalls and intrusion detection it is one of the mainstream security detection techniques. Firewalls and intrusion detection, however, are passive defensive measures, whereas vulnerability scanning is an active precaution that can improve a system's own security and reliability before an intruder attacks the network.
Existing vulnerability scanning methods mainly include the following:
1) Host-based vulnerability scanning. This method probes the target system passively and non-destructively, generally examining the system kernel, file attributes, operating system patches and similar issues; it can locate problems in the system very accurately and find system vulnerabilities in time. Its advantages are obvious, but because an agent and some specific software must be installed on every target host, it does not fit the placement and configuration of hosts in an industrial control environment and is therefore difficult to apply to industrial Ethernet.
2) Network-based vulnerability scanning. This method probes the target system actively and non-destructively and is generally divided into two means, active scanning and simulated attack. In active scanning, the vulnerability scanning system scans information such as the port allocation, hardware and software configuration, anonymous logins and offered services of the target host or network, and judges the target's vulnerability information from that information. Simulated attack uses specific scripts to simulate attacks against the system and analyses the results to judge whether the system could crash; common attack methods are buffer overflows, password attacks and distributed denial of service. In addition, this method tests the target system against known vulnerabilities to assess its security weaknesses. However, with vulnerability scanning techniques designed for traditional networks, the network probe packets may be blocked by industrial firewalls and security gateways, so that intranet penetration is not achieved and the target network cannot be probed effectively.
Protocol reverse engineering: a network protocol specifies the format that messages must follow when two or more endpoints exchange messages, and the operations an endpoint should perform on receiving them. Protocol reverse engineering (Protocol Reverse) is the process of inferring a protocol's parameters, format and semantics when no official protocol specification is available. Modern protocol reverse engineering is mainly divided into two kinds: methods based on binary files and methods based on network traffic.
Summary of the invention
Building on existing work, the object of the invention is to propose a vulnerability detection method for industrial control systems that addresses the problems of existing vulnerability detection methods: weak applicability to industrial Ethernet, shallow system probing and poor support for proprietary industrial control protocols.
The technical scheme is as follows. A vulnerability detection method for industrial control systems is characterised by a progressive, layered scanning strategy: an active network probe of the industrial Ethernet based on industrial control protocol suites and device characteristics, with protocol parsing and reverse engineering of the captured packets; construction of specific packets according to the parsed protocol format and syntax to probe industrial devices further; establishment of a dedicated industrial control vulnerability database for feature comparison; and fuzz testing based on the weaknesses of industrial control protocols to uncover security vulnerabilities in the industrial control network and detect its security weaknesses.
Specifically, the invention includes the following steps:
1) network probing based on the industrial control Ethernet environment;
2) packet parsing according to the public industrial control protocol suite;
3) analysis of unknown industrial control protocol packets based on existing protocol reverse engineering techniques;
4) construction of specific packets from the protocol analysis results and further system probing of the industrial Ethernet;
5) feature comparison of the system probe data against the industrial control vulnerability database, followed by vulnerability detection;
6) fuzz testing based on industrial control protocol weaknesses to detect security weaknesses.
Further:
In step 1), probing the network environment is the prerequisite for vulnerability scanning of the target industrial control environment. With a connection to the industrial Ethernet, and using the characteristic that industrial control devices periodically send query packets, the packets exchanged within the industrial control environment are captured. Probing the topology of the target industrial Ethernet is also part of this step: basic information such as the names of the industrial control devices in the target network and the addresses of switches can be detected, forming the basis for further system probing.
In step 2), the captured packets are handed to the industrial control protocol suite for identification, so as to find the corresponding communication protocol and then construct specific query packets and vulnerability probes according to the characteristics of that protocol.
Step 3) supplements the previous step for the proprietary industrial control protocols it cannot handle: such protocols have no public documentation, so the protocol suite cannot identify packets of an unknown protocol or parse their content and features. Using existing protocol reverse engineering techniques, and without access to the unknown protocol's documentation, the syntax and semantics of the protocol are extracted from the captured network traffic and, combined with prior knowledge of communication protocols, the template and rules of its packets are derived.
In step 4), based on the protocol analysis results together with the broadcast addresses found in the industrial Ethernet by network probing and the basic information of the applicable protocol, specific packets conforming to the industrial control communication characteristics are constructed for deeper system probing. In master/slave mode, the specific packets are actively broadcast and the responses of the target industrial control devices are intercepted; the specific information of the target devices, such as station type, manufacturer, device model and firmware version, is obtained according to the protocol characteristics.
In step 5), after the layered information gathering of network probing and system probing is complete, the subsequent process of the vulnerability scanning method relies on the dedicated industrial control vulnerability database established in advance: the specific information of the industrial control devices, in particular model and firmware version, is compared against the industrial control vulnerability database to match the vulnerabilities present in the device, and vulnerability detection is then carried out on the target in combination with a policy-driven mechanism reflecting user requirements.
In step 6), after the vulnerabilities of the industrial control devices in the industrial Ethernet have been scanned according to the preceding steps, and since industrial control protocols were designed and implemented without considering security, fuzz testing is carried out on the communication protocols in the target network to uncover their security vulnerabilities, so that the target's weaknesses are detected more completely and the security of the industrial Ethernet is assessed more fully.
By adopting the above technical scheme, the invention has the following advantages:
1. Strong applicability: the invention is a vulnerability detection method proposed for industrial control systems, distinct from detection techniques for traditional networks. Its essential feature is that it uses industrial-specific protocols and device characteristics to construct specific packets for system probing, which is a great advantage for obtaining information about the underlying devices of an industrial control system.
2. Strong targeting: the dedicated industrial control vulnerability database established by the invention is based on the security defects of industrial control systems and uses a feature-matching data comparison method, improving on the low vulnerability detection accuracy of earlier detection methods.
3. High protocol coverage: given the reality that proprietary industrial control protocols are very numerous, the invention applies protocol reverse engineering to unknown protocol packets, which greatly improves the applicability of the detection method in a variety of industrial control environments. In addition, fuzz testing based on industrial control protocols can supplement the existing vulnerability database and detect security weaknesses more completely.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the vulnerability detection method for industrial control systems according to an embodiment of the invention.
Fig. 2 is the topology of the experimental industrial control network in an embodiment of the invention.
Fig. 3 is the flow chart of the network probing part of Fig. 1.
Fig. 4 is the flow chart of the system probing part of Fig. 1.
Fig. 5 is the flow chart of the fuzz testing part of Fig. 1.
Detailed description
The invention is further described with reference to the drawings and an embodiment; the example concerns an industrial control network whose data exchange uses the Modbus/TCP communication protocol. Fig. 2 is the topology of the target industrial Ethernet on which vulnerability scanning is carried out. The Quantum PLC is a programmable logic controller from the industrial control manufacturer Schneider; its CPU module supports Modbus/TCP data exchange with the engineer station, its Ethernet module can offer richer means of interaction according to user requirements, and the Modbus master/slave device simulation station is an ordinary PC running the corresponding Modbus services. The invention aims to propose a vulnerability detection method for industrial control systems that detects vulnerabilities present in industrial Ethernet, so as to reduce security risks in industrial scenarios and improve the security and reliability of industrial control systems.
Step one: starting from the network access point, the target industrial Ethernet is probed. Because industrial protocols have come to be built on TCP/IP, conventional network probing means are used for intranet topology discovery. As shown in Fig. 3, the target network probing thread is started and host identification of the network environment is performed first. Ping scanning is mainly used to detect the IP addresses of hosts; in general the network information is unknown to the attacker or penetration tester, and the basic network information obtained by ping scanning is the basis for vulnerability scanning and intrusion. ICMP ECHO request packets (ICMP type 8) are sent to the target network and the probe waits to see whether ICMP ECHO reply packets (ICMP type 0) come back, judging from the replies which hosts of the target network are alive. When a firewall configuration blocks ICMP ECHO traffic, a non-ECHO scan is used instead: an ICMP TIMESTAMP request packet (ICMP type 13) or an ICMP ADDRESS MASK request packet is sent to the target and the probe waits for a response. Once the liveness of the target network's hosts has been determined, and in order to obtain more useful port and service information, connections to the active ports of live hosts can be attempted, and specific version information is obtained from the differences between operating systems and software versions. At the same time, making use of the periodic query requests of industrial control network devices, a packet capture thread is started to capture the exchanges between the target hosts and the corresponding services.
Step two: the captured packets are handed to the industrial control protocol suite for identification, the communication protocol on which each packet is based is recognised, and useful information is extracted. For example, from the captured packets it can be determined that the Modbus master/slave device station communicates over Modbus/TCP: the master periodically sends request packets with different functions to the slave, including coil and register reads. Likewise, based on the public Modbus/TCP protocol suite, the flow of program downloads from the engineer station to the Quantum PLC and the signatures of special commands can be parsed. From the extracted information it is learned that some non-standard function codes are used in the communication between Unity Pro and the PLC, which can achieve the function of stopping the PLC CPU; in an industrial control environment lacking an authentication mechanism, packet replay is possible and causes a serious denial-of-service attack.
Step three: to improve the applicability of the scanning method in industrial control, and because private custom protocols are abundant in industrial control environments, this step mainly performs reverse parsing of the captured traffic packets that the industrial control protocol suite could not parse. The key techniques of protocol reverse engineering from network traffic are protocol format extraction and protocol state inference. Based on incremental learning over the packets, key field segmentation of the unknown-protocol packets is carried out using the active data domains and byte alignment; based on prior knowledge of protocol data, the length field and the checksum field (if the proprietary protocol has one) are located, which provides template and rule support for constructing subsequent packets. As for state transitions, taking Modbus/TCP data exchange as an example, the state sequence is: a TCP connection is established first, data are then transmitted through Modbus request and response packets, with TCP acknowledgement packets sent irregularly in between, and after the data transmission ends the connection is closed with the corresponding four-way TCP handshake; for the Siemens proprietary S7 protocol, a COTP connection request and response occur between the TCP connection and the S7COMM data transmission. For an unknown industrial control protocol, protocol reverse engineering infers its state transitions with a state machine. Having more specific and useful information, such as device model and firmware version, helps the system probe packets do their work and improves the accuracy of vulnerability matching.
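As an added illustration of the field segmentation and length-field inference described in this step (example code written for this page, not the patent's own implementation): it finds the byte offsets that vary across a set of captured frames (the active data domains), then tries every offset, width and byte order for a length field and keeps only the interpretations that hold in every frame. The sample frames are constructed Modbus/TCP requests and responses playing the role of unknown traffic; the checksum-field search and state-machine inference the page mentions are not covered here.

```python
"""Field inference over frames of an unknown protocol, following step 3:
find the bytes that vary across frames (the active data domains) and test
every offset, width and byte order for a length field that holds in all
frames.  The sample frames are constructed Modbus/TCP traffic standing in
for unknown traffic; nothing here was captured from a real device."""
from itertools import product
from typing import List, Tuple

Candidate = Tuple[int, int, str, str]   # (offset, width, byteorder, relation)

# Constructed frames: MBAP header (transaction id, protocol id, length,
# unit id) followed by a PDU.  Lengths differ so a length field stands out.
SAMPLE_FRAMES: List[bytes] = [
    bytes.fromhex("0001000000060103000A0002"),            # read holding registers
    bytes.fromhex("00010000000701030400110022"),          # its 4-byte response
    bytes.fromhex("0002000000060105001300FF"),            # write single coil
    bytes.fromhex("00030000000B0110000100020400010002"),  # write multiple registers
]


def constant_offsets(frames: List[bytes]) -> List[int]:
    """Byte offsets (within the shortest frame) whose value never changes;
    the complementary offsets are the active data domains used for field
    segmentation."""
    shortest = min(len(f) for f in frames)
    return [i for i in range(shortest) if len({f[i] for f in frames}) == 1]


def _expected(frame: bytes, offset: int, width: int, relation: str) -> int:
    """Value a length field at (offset, width) must hold under `relation`."""
    if relation == "total":
        return len(frame)                  # field counts the whole frame
    return len(frame) - offset - width     # field counts the bytes after it


def infer_length_field(frames: List[bytes], max_offset: int = 8) -> List[Candidate]:
    """Every (offset, width, byteorder, relation) that holds for all frames."""
    candidates = []
    for offset, width, order in product(range(max_offset), (1, 2, 4), ("big", "little")):
        if width == 1 and order == "little":
            continue                       # byte order is meaningless for one byte
        for relation in ("total", "remaining"):
            holds = all(
                offset + width <= len(f)
                and int.from_bytes(f[offset:offset + width], order)
                == _expected(f, offset, width, relation)
                for f in frames
            )
            if holds:
                candidates.append((offset, width, order, relation))
    return candidates


def frame_length_valid(frame: bytes, candidate: Candidate) -> bool:
    """Check a new frame against an inferred length field; once the template
    is learned, a mismatch is a framing anomaly worth flagging."""
    offset, width, order, relation = candidate
    if offset + width > len(frame):
        return False
    value = int.from_bytes(frame[offset:offset + width], order)
    return value == _expected(frame, offset, width, relation)
```

On these samples the inference returns three candidates that all count the bytes after the field: a 2-byte big-endian field at offset 4 (the real Modbus/TCP length), a 1-byte field at offset 5 (its low byte, because every sample is shorter than 256 bytes) and a 4-byte field at offset 2 (the constant-zero protocol id fused with the length). The data alone cannot separate them, which is exactly where the page's "combined with prior knowledge" step, or longer captured frames, comes in.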
Step four: using the template and rules of the protocols applicable to the target industrial control environment derived by the previous work, deep system probing is carried out according to the steps shown in Fig. 4. According to the packet structure from the protocol analysis, probe packets for the public protocol or for the unknown protocol are constructed around their key fields, sent to specific targets in the target network environment, and the probe waits for response packets. If sending fails or no response is received, the probe packet is reconstructed using prior protocol knowledge. Once a response packet from the probed target has been received, information is extracted from it according to the rules; if the extracted information contains the specific version information of the probed target, feature comparison against the dedicated industrial control vulnerability database follows, otherwise the structure of the probe packet is adjusted with the help of the protocol state machine and the packet is sent again.
Step five: feature comparison is a common data matching method that compares the data under examination against reference data to match the information needed. The specific information about the industrial control devices obtained by the layered network probing and system probing of the industrial Ethernet, such as station type, station name, manufacturer, device identifier, firmware model and firmware version, is compared with the corresponding data in the dedicated industrial control vulnerability database to match the vulnerabilities present in the target device. Combined with the characteristics of the target network's communication protocols, the related weaknesses are obtained from the industrial control system information base and vulnerability database, and the corresponding security vulnerability detection is scheduled under the policy mechanism. For the target in the network environment, for example, the engineer station is penetrated remotely, and after local privileges are obtained a DLL hijack is performed on the local Unity Pro software so that it is prevented from issuing commands to the PLC; the Modbus communication protocol in the network environment is subjected to a man-in-the-middle attack, implementing record-and-replay and denial-of-service vulnerability detection.
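A worked example of the feature comparison in this step, added here and not the patent's code: a fingerprint recovered by system probing is matched against database records by vendor, model pattern and firmware version, with a category filter standing in for the policy-driven selection. The vulnerability records and their identifiers are constructed placeholders for this example, not real advisories.

```python
"""Feature comparison of a device fingerprint against a vulnerability database,
as in step 5 of the method.  Every record below is constructed for this
example; the identifiers are placeholders, not real advisories."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class DeviceFingerprint:
    """Information recovered by system probing (step 4)."""
    vendor: str
    model: str
    firmware: str            # dotted version string as reported by the device


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str             # placeholder identifier (constructed)
    vendor: str
    model_pattern: str       # regular expression matched against the model string
    fixed_in: Optional[str]  # first firmware version with a fix; None = all versions
    category: str            # used by the policy-driven selection, e.g. "dos", "auth"


# Constructed sample database; not derived from any real advisory.
SAMPLE_VULN_DB: List[VulnRecord] = [
    VulnRecord("VULN-PLACEHOLDER-001", "Schneider", r"^Quantum", "2.60", "dos"),
    VulnRecord("VULN-PLACEHOLDER-002", "Schneider", r"^Quantum", None, "auth"),
    VulnRecord("VULN-PLACEHOLDER-003", "Schneider", r"^M340", "2.20", "dos"),
    VulnRecord("VULN-PLACEHOLDER-004", "Siemens", r"^S7-300", "3.30", "dos"),
]


def parse_version(version: str) -> tuple:
    """Turn 'V2.60.1' or '2.60' into a comparable integer tuple.  The scheme
    must be consistent across the database: '2.6' and '2.60' are different."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(fp: DeviceFingerprint, rec: VulnRecord) -> bool:
    """True when the record's vendor, model pattern and version range all match."""
    if fp.vendor.lower() != rec.vendor.lower():
        return False
    if not re.search(rec.model_pattern, fp.model):
        return False
    if rec.fixed_in is None:
        return True                        # no fixed version known
    return parse_version(fp.firmware) < parse_version(rec.fixed_in)


def match_vulnerabilities(fp: DeviceFingerprint, db: List[VulnRecord],
                          categories: Optional[Set[str]] = None) -> List[VulnRecord]:
    """Records matching the fingerprint; `categories` is the policy-driven
    filter (None selects every category)."""
    hits = [rec for rec in db if is_affected(fp, rec)]
    if categories is not None:
        hits = [rec for rec in hits if rec.category in categories]
    return hits


if __name__ == "__main__":
    probed = DeviceFingerprint("Schneider", "Quantum CPU", "V2.50")
    for rec in match_vulnerabilities(probed, SAMPLE_VULN_DB):
        print(rec.vuln_id, rec.category)
```

The version comparison is the part that most often goes wrong in practice: a device that reports "V2.60" must not match a record fixed in "2.60", and a database that mixes "2.6" with "2.60" will silently misclassify, so the records and the probe output need one agreed version scheme.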
Step six: after the vulnerability scanning and detection of the test target is complete, the packet parsing and protocol reverse engineering results of the work above, together with prior knowledge of industrial control protocols, are used to fuzz test the communication protocols in the target network (as shown in Fig. 5), uncovering their potential vulnerabilities and detecting security weaknesses more completely.
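To make steps two and six concrete, the following added example (written for this page, not the patent's code; all frames are constructed) parses Modbus/TCP frames, flags the non-standard function codes and malformed frames a defender would want to see in a capture, and then runs a small mutation fuzzer against that same parser, counting any exception other than the parser's own MalformedFrame as a crash.

```python
"""Modbus/TCP packet parsing with a check for non-standard function codes
(step 2) and a fuzzing harness run against that parser (step 6).  All frames
are constructed for this example; none were captured from a real device."""
import random
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Public function codes listed in the Modbus application protocol specification.
STANDARD_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17,
                           20, 21, 22, 23, 24, 43}


class MalformedFrame(ValueError):
    """Raised for frames that violate the MBAP framing rules."""


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int      # with the exception bit (0x80) cleared
    exception: bool         # True for an exception response
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Parse an MBAP header plus PDU; raise MalformedFrame rather than fail."""
    if len(frame) < 8:
        raise MalformedFrame("shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise MalformedFrame(f"protocol id {pid} is not Modbus")
    if length != len(frame) - 6:
        raise MalformedFrame("length field does not match the frame size")
    if length > 254:
        raise MalformedFrame("ADU exceeds the Modbus maximum")
    fc = frame[7]
    return ModbusFrame(tid, uid, fc & 0x7F, bool(fc & 0x80), frame[8:])


def audit_capture(frames: List[bytes]) -> List[Tuple[int, str]]:
    """(index, reason) alerts for malformed frames and for function codes
    outside the public set, the indicator the page points to."""
    alerts = []
    for i, raw in enumerate(frames):
        try:
            f = parse_modbus_tcp(raw)
        except MalformedFrame as exc:
            alerts.append((i, f"malformed frame: {exc}"))
            continue
        if f.function_code not in STANDARD_FUNCTION_CODES:
            alerts.append((i, f"non-standard function code {f.function_code:#04x} "
                              f"for unit {f.unit_id}"))
    return alerts


# Constructed sample capture: a read and its response, one non-public function
# code, one frame with a wrong length field, one exception response.
SAMPLE_CAPTURE = [
    bytes.fromhex("000100000006010300000002"),   # read holding registers request
    bytes.fromhex("0001000000050103021234"),     # ...and its response
    bytes.fromhex("00020000000401640102"),       # function code 0x64: not public
    bytes.fromhex("0003000000FF010300000002"),   # length field 0xFF on a 12-byte frame
    bytes.fromhex("000400000003018302"),         # exception response to FC 3
]


def mutate(frame: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a byte, truncate, append junk, or rewrite the length."""
    buf = bytearray(frame)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= rng.randrange(1, 256)
    elif op == 1 and buf:
        del buf[rng.randrange(len(buf)):]
    elif op == 2:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 16)))
    elif len(buf) >= 6:
        struct.pack_into(">H", buf, 4, rng.randrange(65536))
    return bytes(buf)


def fuzz_parser(seed_frames: List[bytes], iterations: int = 2000,
                seed: int = 1) -> Dict[str, int]:
    """Feed mutated frames to the parser; any exception other than
    MalformedFrame counts as a crash, i.e. a parser bug the fuzzer found."""
    rng = random.Random(seed)
    stats = {"accepted": 0, "rejected": 0, "crashed": 0}
    for _ in range(iterations):
        candidate = mutate(rng.choice(seed_frames), rng)
        try:
            parse_modbus_tcp(candidate)
            stats["accepted"] += 1
        except MalformedFrame:
            stats["rejected"] += 1
        except Exception:           # deliberately broad: unexpected type = crash
            stats["crashed"] += 1
    return stats
```

The same harness shape applies to the device side of the page's step six: replace parse_modbus_tcp with a send-and-wait against the target and replace the "crashed" bucket with a liveness check of the target between iterations, keeping the seed so that any failing input can be replayed.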
In summary, the invention can effectively solve the problems of existing vulnerability detection methods: weak applicability to industrial Ethernet, shallow system probing and poor support for proprietary industrial control protocols.

Claims (8)

1. A vulnerability detection method for industrial control systems, characterised in that: a progressive, layered scanning strategy is used; an active network probe of the industrial Ethernet is carried out based on industrial control protocol suites and device characteristics, and the captured packets are parsed and reverse-engineered; specific packets are constructed according to the parsed protocol format and syntax to probe industrial devices further; a dedicated industrial control vulnerability database is established for feature comparison; and fuzz testing is carried out based on the weaknesses of industrial control protocols to uncover security vulnerabilities in the industrial control system network and detect its security weaknesses.
2. The vulnerability detection method for industrial control systems according to claim 1, characterised in that it includes the following steps:
1) network probing based on the industrial control Ethernet environment and packet capture, with the packets passed to the packet analysis module;
2) packet parsing according to the public industrial control protocol suite;
3) analysis of unknown industrial control protocol packets based on existing protocol reverse engineering techniques;
4) construction of specific packets from the protocol analysis results and further system probing of the industrial Ethernet to obtain specific device information;
5) feature comparison of the system probe data against the industrial control vulnerability database, followed by vulnerability detection;
6) fuzz testing based on industrial control protocol weaknesses to detect security weaknesses.
3. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 1), since industrial control protocols are built on the TCP/IP protocol stack, network probing techniques can detect basic information such as the names of the industrial control devices and the switch broadcast addresses in the industrial Ethernet environment, and can also capture the packets exchanged between industrial control master and slave devices.
4. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 2), the packets captured by network probing are identified against the industrial control protocol suite and are parsed once the corresponding protocol has been found.
5. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 3), for packets exchanged under proprietary industrial control protocols, for which step 2) provides no solution, protocol reverse engineering based on network traffic is used, and rule and template parsing of the packets is carried out by means of a protocol information classification strategy and a format and syntax extraction strategy.
6. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 4), using the parsed packet structures of steps 2) and 3), specifically constructed probe packets are actively sent in master/slave mode and the packets returned by the underlying industrial control devices are intercepted; these are compared against the industrial control device library to obtain specific information such as device type, name, identifier, address and firmware version.
7. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 5), the established dedicated industrial control vulnerability database is compared with the specific device information of step 4) to obtain vulnerability information and carry out industrial control vulnerability detection.
8. The vulnerability detection method for industrial control systems according to claim 2, characterised in that in step 6), since industrial control protocols emphasise real-time performance and reliability and lack security design, fuzz testing is carried out on public and proprietary protocols to uncover the security vulnerabilities of the test target and detect its weaknesses.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810492275.XA CN108737417A (en) 2018-05-16 2018-05-16 A kind of vulnerability checking method towards industrial control system

Publications (1)

Publication Number Publication Date
CN108737417A true CN108737417A (en) 2018-11-02

Family

ID=63938804

Country Status (1)

Country Link
CN (1) CN108737417A (en)


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468267A (en) * 2014-11-24 2015-03-25 国家电网公司 Information safety penetration testing method for distribution automation system
US20160050225A1 (en) * 2014-08-13 2016-02-18 Honeywell International Inc. Analyzing cyber-security risks in an industrial control environment
CN106161426A (en) * 2016-06-08 2016-11-23 北京工业大学 A kind of vulnerability scanning method being applied to industry Internet of Things
CN106656657A (en) * 2016-11-11 2017-05-10 北京匡恩网络科技有限责任公司 Adaptive vulnerability mining framework based on industrial control protocol
CN107612733A (en) * 2017-09-19 2018-01-19 杭州安恒信息技术有限公司 A kind of network audit and monitoring method and its system based on industrial control system


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王欢欢: "Research on vulnerability scanning technology for industrial control systems", China Master's Theses Full-text Database, Information Science and Technology series *
王继业: "Research on key technologies for attack simulation and verification of electric power industrial control systems", 《电力信息与通信技术》 (Electric Power Information and Communication Technology) *

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109558736A (en) * 2018-11-22 2019-04-02 浙江国利网安科技有限公司 A kind of unknown threat construction method of industry and threaten generation system
CN109558736B (en) * 2018-11-22 2022-12-09 浙江国利网安科技有限公司 Industrial unknown threat construction method and threat generation system for enriching industrial control system attack samples
CN111272255A (en) * 2018-12-05 2020-06-12 陕西思科锐迪网络安全技术有限责任公司 Method for monitoring water level border crossing of Siemens S7-PLC water storage tank
CN111277547A (en) * 2018-12-05 2020-06-12 陕西思科锐迪网络安全技术有限责任公司 Method for monitoring Siemens S7-PLC setting internal clock
CN109768887A (en) * 2019-01-11 2019-05-17 四川大学 A kind of method of automatic mining industry control flow period feature
CN109873737A (en) * 2019-01-31 2019-06-11 杭州迪普科技股份有限公司 A kind of test method and device
CN109901551A (en) * 2019-03-05 2019-06-18 烽台科技(北京)有限公司 Information acquisition method, information acquisition device and the terminal device of industrial control equipment
CN110166440A (en) * 2019-04-26 2019-08-23 中国人民解放军战略支援部队信息工程大学 Print protocol vulnerability analysis method and system
CN110191021A (en) * 2019-05-29 2019-08-30 北京百度网讯科技有限公司 A kind of protocol testing method, device, electronic equipment and storage medium
CN110191021B (en) * 2019-05-29 2021-04-30 北京百度网讯科技有限公司 Protocol testing method and device, electronic equipment and storage medium
CN110505111A (en) * 2019-07-09 2019-11-26 杭州电子科技大学 The industry control agreement fuzz testing method reset based on flow
CN110505111B (en) * 2019-07-09 2020-12-01 杭州电子科技大学 Industrial control protocol fuzzy test method based on flow playback
CN110493254A (en) * 2019-09-03 2019-11-22 国家计算机网络与信息安全管理中心 Industrial cloud security comprehensive evaluation method and device
CN110430223B (en) * 2019-09-12 2021-07-02 北京京航计算通讯研究所 Vehicle control system network safety detection system based on multistage feedback queue
CN110430223A (en) * 2019-09-12 2019-11-08 北京京航计算通讯研究所 Vehicle control system network security detection system based on multilevel feedback queue
CN110868408A (en) * 2019-11-07 2020-03-06 广州安加互联科技有限公司 Industrial control equipment safety detection method and system based on industrial protocol analysis
CN111026012A (en) * 2019-11-29 2020-04-17 哈尔滨安天科技集团股份有限公司 Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium
CN110995733A (en) * 2019-12-12 2020-04-10 江苏亨通工控安全研究院有限公司 Intrusion detection system in industrial control field based on remote measuring technology
CN111314289B (en) * 2019-12-26 2022-04-22 青岛海天炜业过程控制技术股份有限公司 Method for identifying industrial control protocol dangerous communication data based on Ethernet
CN111314289A (en) * 2019-12-26 2020-06-19 青岛海天炜业过程控制技术股份有限公司 Method for identifying industrial control protocol dangerous communication data based on Ethernet
CN111294347A (en) * 2020-01-22 2020-06-16 奇安信科技集团股份有限公司 Safety management method and system for industrial control equipment
CN111294347B (en) * 2020-01-22 2022-06-10 奇安信科技集团股份有限公司 Safety management method and system for industrial control equipment
CN111327636A (en) * 2020-03-10 2020-06-23 西北工业大学 S7-300PLC private protocol reverse method relating to network security
CN111327636B (en) * 2020-03-10 2021-05-07 西北工业大学 S7-300PLC private protocol reverse method relating to network security
CN111427305A (en) * 2020-03-29 2020-07-17 博智安全科技股份有限公司 Method for Siemens PLC vulnerability mining
CN111427305B (en) * 2020-03-29 2021-09-24 博智安全科技股份有限公司 Method for Siemens PLC vulnerability mining
CN111709009A (en) * 2020-06-17 2020-09-25 杭州安恒信息技术股份有限公司 Detection method and device for networked industrial control system, computer equipment and medium
CN111723377A (en) * 2020-06-17 2020-09-29 中国电子信息产业集团有限公司第六研究所 Platform vulnerability assessment method and device, electronic equipment and storage medium
CN111723377B (en) * 2020-06-17 2023-02-07 中国电子信息产业集团有限公司第六研究所 Platform vulnerability assessment method and device, electronic equipment and storage medium
CN111752586A (en) * 2020-06-23 2020-10-09 上海交通大学 Method and system for detecting unrepaired bugs of cross-architecture embedded equipment firmware
CN111752586B (en) * 2020-06-23 2024-04-02 上海交通大学 Cross-architecture embedded device firmware unrepaired vulnerability detection method and system
CN113364746A (en) * 2021-05-24 2021-09-07 湖南华菱涟源钢铁有限公司 Equipment identification method, device, equipment and computer storage medium
CN113507449A (en) * 2021-06-17 2021-10-15 北京惠而特科技有限公司 Deep identification method and device for GE private protocol
CN114676438A (en) * 2022-04-15 2022-06-28 电子科技大学 Quick detection method for multi-dimensional vulnerability of hardware system
CN115065568A (en) * 2022-08-19 2022-09-16 北京珞安科技有限责任公司 Industrial control network intrusion detection method and system
CN115065568B (en) * 2022-08-19 2022-12-20 北京珞安科技有限责任公司 Industrial control network intrusion detection method and system
CN116318783A (en) * 2022-12-05 2023-06-23 浙江大学 Network industrial control equipment safety monitoring method and device based on safety index
CN116318783B (en) * 2022-12-05 2023-08-22 浙江大学 Network industrial control equipment safety monitoring method and device based on safety index

Similar Documents

Publication Publication Date Title
CN108737417A (en) A kind of vulnerability checking method towards industrial control system
CN103200230B (en) Based on the vulnerability scanning method of Mobile agent
CN108809951A (en) A kind of penetration testing frame suitable for industrial control system
KR101883400B1 (en) detecting methods and systems of security vulnerability using agentless
CN112347485B (en) Processing method for acquiring loopholes and automatically penetrating multiple engines
CN108712396A (en) Networked asset management and loophole governing system
CN113691566B (en) Mail server secret stealing detection method based on space mapping and network flow statistics
CN107154940A (en) A kind of Internet of Things vulnerability scanning system and scan method
US20060037077A1 (en) Network intrusion detection system having application inspection and anomaly detection characteristics
CN102223267B (en) IDS (intrusion detection system) detecting method and IDS detecting equipment
CN111709009A (en) Detection method and device for networked industrial control system, computer equipment and medium
CN106656657A (en) Adaptive vulnerability mining framework based on industrial control protocol
CN101695033A (en) Network fragility analyzing system based on privilege lift
CN108989296A (en) A kind of Internet of things system safety comprehensive assessment system and method
CN114050979B (en) Industrial control protocol safety test system and device
Liao et al. A comprehensive detection approach of nmap: Principles, rules and experiments
CN110474906A (en) Master based on closed loop feedback passively combines cyberspace target depth digging technology
CN106878339A (en) A kind of vulnerability scanning system and method based on internet-of-things terminal equipment
CN100493065C (en) Method for using immediate information software by data detection network address switching equipment
Matoušek et al. Efficient modelling of ICS communication for anomaly detection using probabilistic automata
Shi et al. The penetration testing framework for large-scale network based on network fingerprint
He et al. Fingerprinting mainstream IoT platforms using traffic analysis
Kumar et al. Light weighted CNN model to detect DDoS attack over distributed scenario
CN105656730A (en) Network application quick discovery method and system based on TCP data packet
Luo et al. BLEEM: packet sequence oriented fuzzing for protocol implementations

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
DD01 Delivery of document by public notice

Addressee: Zhou Weiping

Document name: the First Notification of an Office Action

DD01 Delivery of document by public notice

Addressee: Zhou Weiping

Document name: Deemed notice of withdrawal

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181102