CN111026012B - Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111026012B
Authority
CN
China
Legal status
Active
Application number
CN201911200503.2A
Other languages
Chinese (zh)
Other versions
CN111026012A (en)
Inventor
王乃青
郑瑞
肖新光
Current Assignee
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd
Application filed by Antiy Technology Group Co Ltd
Priority to CN201911200503.2A
Publication of CN111026012A
Application granted
Publication of CN111026012B
Legal status: Active

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/14Plc safety
    • G05B2219/14071Test of equipment, system without using actual system

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention discloses a method and a device for detecting a PLC firmware-level bug, electronic equipment and a storage medium, relates to the technical field of industrial control safety, and can find the PLC firmware-level bug in time so as to improve the safety of industrial production. The method comprises the following steps: detecting relevant information of the PLC to be detected; matching a vulnerability library by using the related information to acquire vulnerability information and risk information; constructing a vulnerability data packet based on the acquired vulnerability information to perform vulnerability test on the PLC to be detected and recording a test result; giving a firmware upgrading version and a protection suggestion based on the test result; wherein the related information comprises: vendor information, hardware information, firmware information, system version, or system log; discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database.

Description

Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of industrial safety, in particular to a method and a device for detecting PLC firmware level bugs, electronic equipment and a storage medium.
Background
The PLC is a core device in the control field. It is widely used in industries such as petroleum and petrochemicals, water conservancy, electric power, food processing and sewage treatment, mainly for data collection, data analysis and production control. In current industrial production, however, the PLC also faces many non-negligible security hazards. Because domestic industrial enterprises mainly use internationally known PLCs and domestically produced PLCs are rare, the PLCs of domestic industrial enterprises carry many potential security hazards. Once installed in an industrial environment, a PLC is basically in a long-term operating state: vulnerability detection and firmware upgrades cannot be carried out on it, so its firmware version is very old and it is easy to attack. Moreover, attacks against PLCs have occurred frequently in recent years, and PLC security bears on economic development, social stability and national security, so security research on PLCs is an urgent matter.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for detecting a PLC firmware level bug, an electronic device, and a storage medium, which can find the PLC firmware level bug in time, thereby improving the safety of industrial production.
The embodiment of the invention provides a method for detecting a PLC firmware-level bug, which comprises the following steps:
detecting relevant information of the PLC to be detected;
matching a vulnerability library by using the related information to acquire vulnerability information and risk information;
constructing a vulnerability data packet based on the acquired vulnerability information to perform vulnerability test on the PLC to be detected and recording a test result;
giving a firmware upgrading version and a protection suggestion based on the test result;
wherein the related information includes: vendor information, hardware information, firmware information, system version, or system log; discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database.
Further, the detecting relevant information of the PLC to be detected specifically includes:
acquiring a first response packet periodically sent to an upper computer by a PLC to be detected;
unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
constructing a data packet requesting relevant information by using the acquired key data segment;
sending the data packet requesting the relevant information to a PLC to be detected;
acquiring a second response packet sent to the upper computer by the PLC to be detected;
and analyzing the second response packet to obtain related information.
Further, the unpacking the first response packet according to the industrial control protocol to obtain the key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, unpacking it with a regular expression, and extracting the key data segment from a capture group; wherein the key data segment includes: port number, protocol, or domain name.
In the embodiment of the method, constructing the vulnerability data packet based on the acquired vulnerability information to perform vulnerability testing on the PLC to be detected and recording the testing result specifically includes:
screening vulnerability information with the discovery time after the delivery date in the hardware information of the PLC to be detected, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform vulnerability test on the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerability of the PLC to be detected;
or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
In a second aspect, an embodiment of the present invention provides a device for detecting a PLC firmware level bug, including:
the equipment information detection module is used for detecting relevant information of the PLC to be detected;
the vulnerability information matching module is used for matching a vulnerability library by using the related information to acquire vulnerability information and risk information;
the vulnerability testing and recording module is used for constructing a vulnerability data packet based on the acquired vulnerability information to test the vulnerability of the PLC to be detected and recording the testing result;
the firmware upgrading protection module is used for giving a firmware upgrading version and a protection suggestion based on the test result;
wherein the related information includes: vendor information, hardware information, firmware information, system version, or system log; discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database.
Further, the device information detection module is specifically configured to:
acquiring a first response packet periodically sent to an upper computer by a PLC to be detected;
unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
constructing a data packet requesting relevant information by using the acquired key data segment;
sending a data packet requesting related information to a PLC to be detected;
acquiring a second response packet sent to the upper computer by the PLC to be detected;
and analyzing the second response packet to obtain related information.
Further, the unpacking the first response packet according to the industrial control protocol to obtain the key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, unpacking it with a regular expression, and extracting the key data segment from a capture group; wherein the key data segment includes: port number, protocol, or domain name.
In the above apparatus embodiment, the vulnerability testing recording module is specifically configured to:
screening the vulnerability library, based on the delivery date in the hardware information of the PLC to be detected, for vulnerability information whose discovery time is after that delivery date, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform vulnerability test on the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerabilities of the PLC to be detected;
or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing any one of the above methods for detecting PLC firmware level bugs.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the method for detecting a PLC firmware level bug according to any one of the foregoing implementations.
The method, device, electronic equipment and storage medium for detecting PLC firmware-level bugs differ from the traditional industry approach of detecting bugs in the firmware itself: relevant information of the PLC to be detected is obtained and matched against a vulnerability library to obtain vulnerability information, a vulnerability data packet is constructed from that information to perform a vulnerability test on the PLC to be detected, fuzz testing of PLCs across different series of the same company and across different companies is further realized, the behaviour of the PLC after testing is collated, and a corresponding protection scheme is provided, so that a better protection effect is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an embodiment of a method for detecting a PLC firmware level bug in an industrial control system according to the present invention;
FIG. 2 is a flowchart of a method of one embodiment of a method of detecting information associated with a PLC under test of the present invention;
fig. 3 is a schematic structural diagram of an embodiment of a device for detecting a PLC firmware level bug in an industrial control system according to the present invention;
fig. 4 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
To more clearly illustrate the embodiments of the present invention, the technical terms involved are thus explained and illustrated:
PLC: a programmable logic controller;
PROFIBUS: a field bus standard for use in automation technology.
The upper computer refers to an engineer station and an operator station in the industrial control system.
Engineer station: a workstation for use by an industrial process control engineer to configure, program, modify, etc. a computer system.
Operator station: in a distributed control system, the human interface device used as the operator console, including a display, a host, a keyboard or mouse, etc.
In a first aspect, an embodiment of the present invention provides a method for detecting a PLC firmware level bug, which can find the PLC firmware level bug in time and provide an upgrade version and a protection suggestion.
Fig. 1 is a flowchart of a method of an embodiment of a method for detecting a PLC firmware level bug, including:
s10: detecting relevant information of the PLC to be detected; wherein the related information includes: vendor information, hardware information, firmware information, system version, or system log.
S20: matching a vulnerability library by using the related information to acquire vulnerability information and risk information; the vulnerability database records discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information. The vulnerability database is a database established according to known vulnerability information.
S30: and constructing a vulnerability data packet based on the acquired vulnerability information to test the vulnerability of the PLC to be detected and recording the test result.
S40: and giving a firmware upgrading version and protection suggestions based on the test result.
More preferably, constructing the vulnerability data packet based on the obtained vulnerability information to perform vulnerability testing on the PLC to be detected and recording the test result specifically includes:
screening vulnerability information with the discovery time after the delivery date in the hardware information of the PLC to be detected, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform a vulnerability test on the PLC to be detected; for example, Siemens has 300, 400 and 1200 series PLCs whose vulnerabilities differ, so a 400 series vulnerability data packet can be selected and sent to the 300 series PLC under test to observe whether it is affected.
Or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerability of the PLC to be detected; for example: and sending the vulnerability data packet of the PLC of the Rockwell to the PLC of the Siemens for vulnerability testing, and observing whether the PLC of the Siemens is influenced.
Or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
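As an added illustration of steps S20, S30 and S40 (example code written for this page, not the patent's own implementation), the following Python sketch matches a PLC's detected related information against a constructed vulnerability library, screens the matches by discovery time against the delivery date, lists candidate entries from other series of the same vendor and from other vendors, and derives a firmware upgrade version and a protection suggestion. All vendor names, series names, version numbers and vulnerability records are constructed sample data, the library schema and the risk levels are assumptions, and constructing or sending vulnerability data packets is outside the example.

```python
"""Added example: vulnerability-library matching for a PLC under test.

Covers S20 (match related information against the library), the S30 screening
step (keep only vulnerabilities found after the delivery date) and S40 (upgrade
version plus protection suggestion). All records below are constructed data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

RISK_ORDER = {"low": 0, "medium": 1, "high": 2}   # assumed risk scale


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str             # constructed identifier, not a real advisory number
    discovery_time: date     # when the vulnerability became known
    vendor: str
    hardware_type: str       # product series
    affected_from: str       # first affected firmware version (inclusive)
    fixed_in: str | None     # first firmware version without the bug; None if unpatched
    risk: str                # "low" | "medium" | "high"


@dataclass(frozen=True)
class PlcInfo:
    """Related information detected from the PLC (vendor, hardware, firmware)."""
    vendor: str
    hardware_type: str
    delivery_date: date      # taken from the hardware information
    firmware_version: str


def parse_version(version: str) -> tuple[int, ...]:
    """'V3.1.4' -> (3, 1, 4); a leading 'V'/'v' is tolerated."""
    return tuple(int(part) for part in version.lstrip("Vv").split("."))


def is_affected(plc: PlcInfo, rec: VulnRecord) -> bool:
    """Direct match: same vendor and series, firmware inside the affected range."""
    if plc.vendor != rec.vendor or plc.hardware_type != rec.hardware_type:
        return False
    fw = parse_version(plc.firmware_version)
    if fw < parse_version(rec.affected_from):
        return False
    return rec.fixed_in is None or fw < parse_version(rec.fixed_in)


def match_library(plc: PlcInfo, library: list[VulnRecord]) -> list[VulnRecord]:
    """Step S20: vulnerability information that applies to this exact PLC."""
    return [rec for rec in library if is_affected(plc, rec)]


def screen_by_discovery(matches: list[VulnRecord], delivery_date: date) -> list[VulnRecord]:
    """S30 screening: keep vulnerabilities discovered after the unit left the factory."""
    return [rec for rec in matches if rec.discovery_time > delivery_date]


def same_vendor_other_series(plc: PlcInfo, library: list[VulnRecord]) -> list[VulnRecord]:
    """Candidate entries for the cross-series test (packet construction is out of scope)."""
    return [r for r in library if r.vendor == plc.vendor and r.hardware_type != plc.hardware_type]


def other_vendor(plc: PlcInfo, library: list[VulnRecord]) -> list[VulnRecord]:
    """Candidate entries for the cross-vendor test."""
    return [r for r in library if r.vendor != plc.vendor]


def recommend(plc: PlcInfo, screened: list[VulnRecord]) -> dict:
    """Step S40: target firmware version plus a protection suggestion."""
    if not screened:
        return {"upgrade_to": None, "highest_risk": None, "unpatched": [],
                "suggestion": "no applicable vulnerabilities; keep the firmware under monitoring"}
    fixable = [r for r in screened if r.fixed_in is not None]
    unpatched = [r.vuln_id for r in screened if r.fixed_in is None]
    # The lowest version that closes every fixable finding is the highest fixed_in.
    target = max(fixable, key=lambda r: parse_version(r.fixed_in)).fixed_in if fixable else None
    highest = max(screened, key=lambda r: RISK_ORDER[r.risk]).risk
    if unpatched:
        suggestion = ("no vendor fix for " + ", ".join(unpatched)
                      + ": restrict network access to the PLC and its upper computer and review access logs")
    elif highest == "high":
        suggestion = f"upgrade firmware from {plc.firmware_version} to {target} promptly"
    else:
        suggestion = f"schedule a firmware upgrade from {plc.firmware_version} to {target}"
    return {"upgrade_to": target, "highest_risk": highest, "unpatched": unpatched, "suggestion": suggestion}


# Constructed sample data (not real products or advisories).
SAMPLE_LIBRARY = [
    VulnRecord("VULN-0001", date(2018, 3, 1), "VendorA", "Series300", "V2.0.0", "V3.2.0", "high"),
    VulnRecord("VULN-0002", date(2019, 6, 15), "VendorA", "Series300", "V3.0.0", "V3.2.5", "medium"),
    VulnRecord("VULN-0003", date(2017, 1, 10), "VendorA", "Series300", "V1.0.0", "V3.5.0", "low"),
    VulnRecord("VULN-0004", date(2019, 9, 1), "VendorA", "Series400", "V1.0.0", None, "high"),
    VulnRecord("VULN-0005", date(2019, 2, 1), "VendorB", "ModelX", "V5.0.0", "V5.1.0", "high"),
]
SAMPLE_PLC = PlcInfo("VendorA", "Series300", date(2017, 6, 30), "V3.1.4")

if __name__ == "__main__":
    matched = match_library(SAMPLE_PLC, SAMPLE_LIBRARY)
    screened = screen_by_discovery(matched, SAMPLE_PLC.delivery_date)   # VULN-0003 predates delivery
    print("matched:", [r.vuln_id for r in matched], "screened:", [r.vuln_id for r in screened])
    print("same vendor, other series:", [r.vuln_id for r in same_vendor_other_series(SAMPLE_PLC, SAMPLE_LIBRARY)])
    print("recommendation:", recommend(SAMPLE_PLC, screened))
```

VULN-0003 is dropped by the screening step even though the firmware is in its affected range, which is exactly the case the delivery-date filter is meant to separate out for a later review.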
As a more preferred embodiment, the method for detecting information related to a PLC to be detected, as shown in fig. 2, specifically includes:
S101: acquiring a first response packet periodically sent to the upper computer by the PLC to be detected. The PLC to be detected may be a specific model of a specific manufacturer, a specific series of a specific manufacturer, a PLC identified by its IP address, or all PLCs.
More preferably, detection of a specific model of a specific manufacturer, a specific series of a specific manufacturer, a PLC identified by its IP address, or all PLCs is realized by setting the related product information.
S102: unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
the unpacking operation of the first response packet according to the industrial control protocol to obtain the key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, unpacking it with a regular expression, and extracting the key data segment from a capture group; wherein the key data segment includes: port number, protocol, or domain name. For example: 80 in the GOOSE protocol, 0x32 in the S7 protocol, or the TCP/IP handshake packet of Modbus. The position and content of the key data segment differ between protocols, so the packet must be matched against the industrial control protocol library to obtain the position information and the like.
Wherein the industrial control protocol includes but is not limited to: modbus, OPC, S7, 104 protocol or Profibus industrial control common protocol.
S103: and constructing a data packet requesting the related information by using the acquired key data segment.
S104: and sending the data packet requesting the relevant information to the PLC to be detected.
S105: and acquiring a second response packet sent to the upper computer by the PLC to be detected.
S106: and analyzing the second response packet to obtain related information.
As a more preferred embodiment, records such as operation logs, access data, modification data and the like related to the PLC to be detected are further acquired for subsequent analysis.
According to the method, relevant information of the PLC to be detected is obtained and matched with a vulnerability library to obtain relevant vulnerability information, a vulnerability data packet is further established to carry out vulnerability testing on the PLC to be detected, a testing result is observed, and a firmware upgrading version and a protection suggestion are provided; the PLC firmware-level bugs can be identified in time, and therefore safety is improved.
In a second aspect, an embodiment of the present invention provides a device for detecting a PLC firmware level bug, which can find the PLC firmware level bug in time and provide an upgrade version and a protection suggestion.
Fig. 3 is a schematic structural diagram of an embodiment of a device for detecting a PLC firmware level bug in an industrial control system, including:
the device information detection module 301 is used for detecting relevant information of the PLC to be detected;
a vulnerability information matching module 302, configured to match a vulnerability library with the relevant information to obtain vulnerability information and risk information;
the vulnerability testing and recording module 303 is used for constructing a vulnerability data packet based on the acquired vulnerability information to perform vulnerability testing on the PLC to be detected and recording a testing result;
a firmware upgrade protection module 304, configured to provide a firmware upgrade version and a protection suggestion based on the test result;
wherein the related information comprises: vendor information, hardware information, firmware information, system version, or system log; discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database.
Preferably, the device information detection module is specifically configured to:
acquiring a first response packet periodically sent to an upper computer by a PLC to be detected;
unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
constructing a data packet requesting related information by using the acquired key data segment;
sending a data packet requesting related information to a PLC to be detected;
acquiring a second response packet sent to the upper computer by the PLC to be detected;
and analyzing the second response packet to obtain related information.
Preferably, the unpacking the first response packet according to the industrial control protocol to obtain the key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, unpacking it with a regular expression, and extracting the key data segment from a capture group; wherein the key data segment includes: port number, protocol, or domain name.
In the above system embodiment, the vulnerability testing recording module is specifically configured to:
screening vulnerability information with the discovery time after the delivery date in the hardware information of the PLC to be detected, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform vulnerability test on the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerability of the PLC to be detected;
or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
According to the method, relevant information of the PLC to be detected is obtained and matched against the vulnerability database to obtain the relevant vulnerability information, a vulnerability data packet is established from it, a vulnerability test is carried out on the PLC to be detected, the test result is observed, and a firmware upgrade version and a protection suggestion are provided; PLC firmware-level bugs can thus be identified in time, and security is improved.
In a third aspect, an embodiment of the present invention further provides an electronic device, which is capable of discovering a PLC firmware level bug in time and providing an upgrade version and a protection suggestion.
Fig. 4 is a schematic structural diagram of an embodiment of an electronic device of the present invention, where the electronic device may include: a housing 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is disposed inside a space enclosed by the housing 41, and the processor 42 and the memory 43 are disposed on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the electronic apparatus; the memory 43 is used for storing executable program codes; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, so as to execute the PLC firmware level bug detection method according to any of the foregoing embodiments.
For the specific execution process of the above steps by the processor 42 and the steps further executed by the processor 42 by running the executable program code, reference may be made to the description of the embodiment shown in fig. 1 and 2 of the present invention, and details are not repeated here.
The electronic device exists in a variety of forms, including but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio, video players (e.g., ipods), handheld game consoles, electronic books, and smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the method for detecting a PLC firmware level bug according to any one of the foregoing implementation manners.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the method embodiment, since it is substantially similar to the apparatus embodiment, the description is simple, and the relevant points can be referred to the partial description of the apparatus embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A method for detecting a PLC firmware level bug is characterized by comprising the following steps:
detecting relevant information of the PLC to be detected;
matching a vulnerability library by using the related information to acquire vulnerability information and risk information;
constructing a vulnerability data packet based on the acquired vulnerability information to perform vulnerability test on the PLC to be detected and recording a test result;
acquiring and analyzing an operation log, access data and modification data related to the PLC to be detected, and giving a firmware upgrading version and a protection suggestion based on a test result;
wherein the related information comprises: vendor information, hardware information, firmware information, system version, or system log; the discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database;
the method for constructing the vulnerability data packet based on the acquired vulnerability information to test the vulnerability of the PLC to be detected and recording the test result specifically comprises the following steps:
screening vulnerability information with the discovery time after the delivery date in the hardware information of the PLC to be detected, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform vulnerability test on the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerability of the PLC to be detected;
or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
2. The method according to claim 1, wherein the detecting information related to the PLC to be detected specifically comprises:
acquiring a first response packet periodically sent to an upper computer by a PLC to be detected;
unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
constructing a data packet requesting related information by using the acquired key data segment;
sending a data packet requesting related information to a PLC to be detected;
acquiring a second response packet sent to the upper computer by the PLC to be detected;
and analyzing the second response packet to obtain related information.
3. The method of claim 2, wherein the unpacking the first response packet according to an industrial control protocol to obtain a key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, performing the unpacking operation with a regular expression, and acquiring the key data segment from the regular expression's capture groups; wherein the key data segment includes: port number, protocol, or domain name.
4. A device for detecting a PLC firmware level vulnerability, characterized by comprising:
the equipment information detection module is used for detecting relevant information of the PLC to be detected;
the vulnerability information matching module is used for matching a vulnerability library by using the related information to acquire vulnerability information and risk information;
the vulnerability testing and recording module is used for constructing a vulnerability data packet based on the acquired vulnerability information to test the vulnerability of the PLC to be detected and recording the testing result;
the firmware upgrading protection module is used for acquiring and analyzing an operation log, access data and modification data related to the PLC to be detected and giving a firmware upgrading version and a protection suggestion based on a test result;
wherein the related information includes: vendor information, hardware information, firmware information, system version, or system log; the discovery time, manufacturer information, hardware types, firmware versions, vulnerability information and risk information are recorded in the vulnerability database;
the vulnerability testing and recording module is specifically used for:
screening, in the vulnerability library, vulnerability information whose discovery time is after the factory date recorded in the hardware information of the PLC to be detected, and constructing a vulnerability data packet to test the vulnerability of the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different series of products of the same manufacturer to perform vulnerability test on the PLC to be detected;
or constructing a vulnerability data packet by using vulnerability information of different manufacturers to test the vulnerability of the PLC to be detected;
or, performing operating system vulnerability test on an upper computer related to the PLC to be detected;
and generating a test document based on the vulnerability test result.
5. The apparatus of claim 4, wherein the device information detection module is specifically configured to:
acquiring a first response packet periodically sent to an upper computer by a PLC to be detected;
unpacking the first response packet according to an industrial control protocol to obtain a key data segment;
constructing a data packet requesting related information by using the acquired key data segment;
sending a data packet requesting related information to a PLC to be detected;
acquiring a second response packet sent to the upper computer by the PLC to be detected;
and analyzing the second response packet to obtain related information.
6. The apparatus of claim 5, wherein the unpacking the first response packet according to the industrial control protocol to obtain the key data segment specifically includes:
matching the first response packet against the corresponding industrial control protocol library, performing the unpacking operation with a regular expression, and acquiring the key data segment from the regular expression's capture groups; wherein the key data segment includes: port number, protocol, or domain name.
7. An electronic device, characterized in that the electronic device comprises: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic device; the memory stores executable program code; and the processor, by reading the executable program code stored in the memory, executes a program corresponding to the executable program code so as to perform the method of any one of claims 1 to 3.
8. A computer-readable storage medium, having one or more programs stored thereon, the one or more programs being executable by one or more processors to perform the method of any of claims 1-3.
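The unpacking step of claim 3 (regular expression with capture groups over a response packet) and the screening step of claim 1 (matching the vulnerability library by vendor, hardware type and firmware version, keeping only entries discovered after the delivery date), as an added Python example that is not part of the patent. The response text, protocol pattern, field names and vulnerability library entries are all constructed assumptions.

```python
# Added example, not the patent's own code. Every packet, pattern and library
# row below is constructed for illustration.
import re

# Constructed text-based "first response packet"; a real industrial protocol
# needs its own pattern in the protocol library.
SAMPLE_RESPONSE = "HDR;proto=modbus-tcp;port=502;host=plc-01.plant.local;END"

# Hypothetical protocol library: one regex with named groups per protocol.
PROTOCOL_LIBRARY = {
    "sample-proto": re.compile(
        r"proto=(?P<protocol>[\w-]+);port=(?P<port>\d+);host=(?P<domain>[\w.-]+)"
    ),
}

def unpack_key_segment(packet):
    """Claim 3: try each protocol pattern; return the capture groups as a dict."""
    for pattern in PROTOCOL_LIBRARY.values():
        m = pattern.search(packet)
        if m:
            seg = m.groupdict()
            seg["port"] = int(seg["port"])
            return seg
    return None  # no protocol in the library matched

# Constructed vulnerability library rows: discovery date (ISO-8601 strings
# compare correctly as text), vendor, hardware type, affected firmware
# versions, vulnerability id, risk level and the version that fixes it.
VULN_LIBRARY = [
    {"found": "2018-03-01", "vendor": "AcmePLC", "hardware": "X100",
     "firmware": {"1.0", "1.1"}, "vuln": "VULN-EXAMPLE-1", "risk": "high", "fixed": "1.2"},
    {"found": "2020-06-15", "vendor": "AcmePLC", "hardware": "X100",
     "firmware": {"1.1", "1.2"}, "vuln": "VULN-EXAMPLE-2", "risk": "medium", "fixed": "1.3"},
    {"found": "2021-01-09", "vendor": "OtherCo", "hardware": "Z9",
     "firmware": {"1.1"}, "vuln": "VULN-EXAMPLE-3", "risk": "low", "fixed": "2.0"},
]

def match_vulnerabilities(info, delivery_date=None):
    """Claim 1: match vendor/hardware/firmware; with delivery_date set, keep
    only entries discovered after the PLC left the factory."""
    hits = []
    for row in VULN_LIBRARY:
        if row["vendor"] != info["vendor"] or row["hardware"] != info["hardware"]:
            continue
        if info["firmware"] not in row["firmware"]:
            continue
        if delivery_date and row["found"] <= delivery_date:
            continue
        hits.append(row)
    return hits

def suggest_upgrade(hits):
    """Protection suggestion: the highest fixed firmware version among the hits."""
    return max((h["fixed"] for h in hits), default=None,
               key=lambda v: tuple(int(p) for p in v.split(".")))
```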
Application CN201911200503.2A, priority date 2019-11-29, filing date 2019-11-29: Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium (status: Active; granted as CN111026012B)
Publications (2)

Publication Number Publication Date
CN111026012A CN111026012A (en) 2020-04-17
CN111026012B true CN111026012B (en) 2023-01-31

Family

ID=70203525


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

GR01 Patent grant