CN112528295A - Vulnerability repairing method and device of industrial control system - Google Patents


Info

Publication number: CN112528295A
Authority: CN (China)
Application number: CN202011534863.9A
Other languages: Chinese (zh)
Other versions: CN112528295B (en)
Inventors: 郭娴, 杨佳宁, 陈柯宇, 杨立宝
Current assignee: China Industrial Control Systems Cyber Emergency Response Team
Original assignee: China Industrial Control Systems Cyber Emergency Response Team
Legal status: Granted (active)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]


Abstract

The application relates to the technical field of network security and provides a vulnerability repair method and device for an industrial control system. The vulnerability repair method comprises the following steps: detecting a vulnerability to be repaired in an industrial control system; acquiring target vulnerability information corresponding to the vulnerability to be repaired; searching a pre-constructed vulnerability information base for the corresponding target vulnerability repair tool according to the target vulnerability information, wherein the vulnerability information base records a plurality of preset known vulnerability information items and the vulnerability repair tool corresponding to each of them; and repairing the vulnerability to be repaired with the target vulnerability repair tool. Because the vulnerability information base is constructed in advance, the target vulnerability repair tool is determined from it as soon as the target vulnerability information is obtained, and the vulnerability of the industrial control system is then repaired with that tool.

Description

Vulnerability repairing method and device of industrial control system
Technical Field
The present application belongs to the field of network security technologies, and in particular, to a vulnerability repair method and apparatus for an industrial control system, a terminal device, and a storage medium.
Background
With the rapid development of the internet, the integration of industrialization and informatization has gradually matured, and industrial control systems increasingly adopt open network interconnection technology and commercial IT standard products. While digitalization and intelligent technologies promote industrial production, they also introduce many potential security hazards. For example, some core embedded devices in industrial production, typified by PLCs, have weak security and protection capabilities, and networking them undoubtedly increases the risk of malicious attacks on industrial control devices. In recent years, attacks aimed at industrial control systems have been increasing and have exposed serious deficiencies in their security protection, so accelerating the information security construction of industrial control systems is particularly urgent.
Potential security risks call for early prevention, and discovered system vulnerabilities must be repaired promptly. At present, system vulnerabilities are repaired by manually matching remediation schemes and searching for the corresponding repair tools. This approach has low repair efficiency: vulnerabilities that appear outside working hours cannot be repaired in time, and the timeliness of repair is poor.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for bug fixing of an industrial control system, a terminal device, and a storage medium, which can fix a system bug in real time and improve the fixing efficiency of the system.
In a first aspect, an embodiment of the present application provides a vulnerability fixing method for an industrial control system, including:
detecting a vulnerability to be repaired existing in an industrial control system;
acquiring target vulnerability information corresponding to the vulnerability to be repaired;
searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, wherein a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
and adopting the target vulnerability repair tool to repair the vulnerability to be repaired.
According to the method, the vulnerability information base is constructed in advance, the target vulnerability repairing tool is determined from the vulnerability information base after the target vulnerability information is obtained, and finally the vulnerability to be repaired of the industrial control system is repaired through the target vulnerability repairing tool.
Further, the vulnerability information base is constructed by the following steps:
crawling each known vulnerability information of the industrial control system and a vulnerability repair scheme of each known vulnerability information through a network, wherein the vulnerability repair scheme records vulnerability repair tools corresponding to the corresponding known vulnerability information;
crawling the downloading link of each bug fixing tool recorded in each bug fixing scheme through a network;
and downloading each vulnerability repair tool through the download link, and constructing and obtaining the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
Known vulnerability data published by designated websites is crawled using web crawler technology, the vulnerability repair tool corresponding to each known vulnerability information item is obtained from that data and downloaded, and finally the vulnerability information base is constructed from the known vulnerability information and the repair tools, so that when the same vulnerability appears in the internal industrial control system, the repair tool can be matched promptly and the vulnerability repaired.
Further, the obtaining target vulnerability information corresponding to the vulnerability to be repaired includes:
acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
and determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifications.
After the vulnerability to be repaired is detected, the log information of the industrial control system is obtained and analyzed to obtain each vulnerability information identifier it contains, and the target vulnerability information corresponding to the vulnerability to be repaired is determined according to those identifiers.
Further, if the corresponding target vulnerability repair tool is not found from the vulnerability information base according to the target vulnerability information, displaying an information input button on an interface of the vulnerability repair system;
if a target operation instruction for the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
and after an information storage instruction is detected, acquiring new vulnerability information input in the vulnerability information input box, and adding the new vulnerability information into the vulnerability information base.
The target vulnerability information may not be recorded in the vulnerability information base, or may be recorded under a different name, so that the corresponding target vulnerability repair tool cannot be found according to it. In that case the user can click an information input button to add or modify the target vulnerability information, which is synchronized into the vulnerability information base once saved; when the vulnerability appears again, the corresponding target vulnerability repair tool can be found directly in the base, improving the efficiency and reliability of vulnerability repair.
Further, after a target operation instruction for the information input button is detected, before a vulnerability information input box corresponding to the type of the target operation instruction is displayed, the method further includes:
acquiring the identity information of a user currently logging in the vulnerability repair system;
if the user identity information belongs to the preset identity information corresponding to the type of the target operation instruction, executing the step of displaying the vulnerability information input box corresponding to that type and the subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to the type of the target operation instruction, outputting indication information that the current user is not authorized for the operation.
Different user identity information has different operation authorities, so that after an information input button clicked by a user is received, whether the user identity information logged in by the current vulnerability repair system has the authority to execute a target operation instruction needs to be determined, after the user identity information is determined to have the corresponding authority, a vulnerability information input box corresponding to the target operation instruction can be displayed, and after an information storage instruction is detected, vulnerability information is stored and updated to a vulnerability information base; if the user identity information is determined not to have the corresponding authority, the corresponding prompt information which the current user does not have the authority to operate is output. Before the operation instruction is executed, the user identity information is confirmed, so that the security and the updating accuracy of the vulnerability information can be improved, and the robustness of the vulnerability repairing system is improved.
Further, acquiring vulnerability repair historical data of the industrial control system, which is recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
After detecting the to-be-repaired bugs of the industrial control system and completing bug repair, the bug repair system records repaired bug data and unrepaired bug data, so that users can visually know the current bug repair situation of the system, the repaired bug data and the unrepaired bug data of the industrial control system can be converted into a chart form and displayed in an interface of the bug repair system, and the visualization of the data is improved.
In a second aspect, an embodiment of the present application provides a bug fixing device for an industrial control system, including:
the vulnerability information acquisition module is used for detecting vulnerabilities to be repaired existing in the industrial control system;
the target vulnerability information acquisition module is used for acquiring target vulnerability information corresponding to the vulnerability to be repaired;
the target vulnerability repair tool searching module is used for searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, and a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
and the vulnerability repairing module is used for repairing the vulnerability to be repaired by adopting the target vulnerability repairing tool.
Further, the apparatus further comprises:
the known vulnerability data crawling module is used for crawling each known vulnerability information of the industrial control system and a vulnerability repairing scheme of each known vulnerability information through a network, and the vulnerability repairing scheme records vulnerability repairing tools corresponding to the corresponding known vulnerability information;
the download link crawling module is used for crawling the download links of the bug fixing tools recorded in the bug fixing schemes through a network;
and the vulnerability information base construction module is used for downloading each vulnerability repair tool through the downloading link and constructing the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
In a third aspect, an embodiment of the present application provides a terminal device, which includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, where the processor, when executing the computer program, implements the bug fixing method for the industrial control system as set forth in the first aspect of the embodiment of the present application.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for bug fixing of an industrial control system is implemented as set forth in the first aspect of the embodiment of the present application.
Compared with the prior art, the embodiment of the application has the advantages that: the system bugs can be repaired in real time, and the repair efficiency of the system is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart of a vulnerability fixing method of an industrial control system according to an embodiment of the present disclosure;
fig. 2 is a structural diagram of a bug fixing device of an industrial control system according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular device structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The terminology used in the following examples is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of this application and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, such as "one or more", unless the context clearly indicates otherwise. It should also be understood that in the embodiments of the present application, "one or more" means one, two, or more than two; "and/or" describes the association relationship of the associated objects, indicating that three relationships may exist; for example, A and/or B may represent: A alone, both A and B, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The vulnerability repairing method of the industrial control system provided by the embodiment of the application can be applied to terminal devices or servers such as mobile phones, tablet computers, medical devices, wearable devices, vehicle-mounted devices, Augmented Reality (AR)/Virtual Reality (VR) devices, notebook computers, ultra-mobile personal computers (UMPCs), netbooks, Personal Digital Assistants (PDAs) and the like, and the embodiment of the application does not limit the specific types of the terminal devices and the servers at all.
Industrial control systems are widely used in all sectors of the national economy. With the rapid development of the internet era, the integration of "industrialization" and "informatization" has grown ever closer: informatization plays a very important role in the production, operation and management of industrial enterprises, and the number of information systems and devices developed for their business and safety keeps increasing. From a technical perspective, as the network environment keeps changing and growing more complex and enterprise informatization continues to develop and deepen, information security risks increase and the probability that each information system and device suffers security threats via the internet rises; however, the severity of the information security situation of industrial control systems only received real attention after the Stuxnet incident of 2010 and the series of industrial control system information security events that followed. Key infrastructure such as energy and electric power has become a focus of hacker attacks; the range of attacks on industrial control systems keeps expanding, the attacks are becoming more precise, the security threat is increasingly serious, and it gradually permeates every key field of industrial production and national economic life.
Potential security risks call for early prevention, and discovered system vulnerabilities must be repaired promptly. At present, system vulnerabilities are repaired by manually matching remediation schemes and searching for the corresponding repair tools. This approach has low repair efficiency: vulnerabilities that appear outside working hours cannot be repaired in time, and the timeliness of repair is poor. To solve this problem, the present application provides a vulnerability repair method for an industrial control system, so that a detected vulnerability can be repaired in real time.
Referring to fig. 1, fig. 1 shows a flowchart of a vulnerability fixing method of an industrial control system provided in the present application, including:
101. detecting a vulnerability to be repaired existing in an industrial control system;
Firstly, the vulnerability to be repaired in the industrial control system can be detected; specifically, it can be found by scanning with a vulnerability scanner. The execution body of this embodiment can be a terminal device on which a vulnerability repair system is installed. The vulnerability scanner is one module of the vulnerability repair system and is mainly used to scan the enterprise's internal industrial control system for vulnerabilities. The vulnerability repair system further comprises three other modules: a vulnerability information base construction module, mainly used to build the vulnerability information base that serves vulnerability repair of the enterprise's internal industrial control system; a vulnerability repair module, which uses the repair tools provided by the vulnerability information base to repair the vulnerabilities found by the scanner; and a data visualization output module, which displays the data selected by users in a specified interface in chart form.
102. Acquiring target vulnerability information corresponding to the vulnerability to be repaired;
after detecting a to-be-repaired bug existing in the industrial control system, target bug information corresponding to the to-be-repaired bug is obtained, wherein the target bug information may include a bug name, a device manufacturer, a bug type, a hazard level, a bug description and the like.
In one embodiment, target vulnerability information corresponding to a vulnerability to be repaired may be obtained by:
acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
and determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifications.
Log information of the industrial control system is collected through the system log, the syslog protocol or the Simple Network Management Protocol (SNMP); after the log information is obtained, it is analyzed to obtain the target vulnerability information corresponding to the vulnerability to be repaired. Specifically, analyzing the log information yields each vulnerability information identifier it contains, and the target vulnerability information of the vulnerability to be repaired can then be determined from those identifiers.
103. Searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, wherein a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
by constructing a vulnerability information base recording known vulnerability information and the vulnerability repair tools corresponding to each known vulnerability information in advance, after target vulnerability information is obtained, the corresponding target vulnerability repair tools can be inquired from the vulnerability base according to the target vulnerability information.
In one embodiment, the vulnerability information base can be constructed by the following steps:
crawling each known vulnerability information of the industrial control system and a vulnerability repair scheme of each known vulnerability information through a network, wherein the vulnerability repair scheme records vulnerability repair tools corresponding to the corresponding known vulnerability information;
crawling the downloading link of each bug fixing tool recorded in each bug fixing scheme through a network;
and downloading each vulnerability repair tool through the download link, and constructing and obtaining the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
Web crawlers, also known as "web spiders", locate web pages by their link addresses: starting from a certain page of a website, the crawler reads the page content, finds the other link addresses it contains, and then fetches the next pages through those links, repeating this cycle according to a certain policy until all reachable web pages have been captured. In the present method, the known vulnerability information published by each major vulnerability information publishing website is collected and serves as an important part of building the vulnerability information base, providing a mature solution for vulnerability repair of industrial control systems. The vulnerability information publishing websites may be the Exploit-DB platform, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) platform, the China National Vulnerability Database (CNVD, the national information security vulnerability sharing platform) and the like. Exploit-DB is an exploit submission platform for hackers worldwide that publishes the latest information about vulnerabilities; the published information can help enterprises improve their security posture and can help security researchers and penetration test engineers perform better security testing. For a vulnerability to be repaired, what is needed is a repair tool that can repair it.
Therefore, after crawling each piece of known vulnerability information and the repair scheme of each piece of known vulnerability information, the download link of each vulnerability repair tool recorded in the scheme can be further crawled according to the vulnerability repair scheme, each vulnerability repair tool is downloaded through the download link, and finally, a vulnerability information base can be established according to the corresponding relation between each piece of known vulnerability information and each downloaded vulnerability repair tool.
Although much known vulnerability information is recorded in the vulnerability information base, the target vulnerability information may be recorded under a different name, so that the corresponding target vulnerability repair tool cannot be found, or it may concern a newly discovered vulnerability for which the base holds no corresponding repair tool. When this occurs, in order to improve the robustness of the vulnerability repair system, in one embodiment the vulnerability repair method may further include:
if the corresponding target vulnerability repair tool is not found from the vulnerability information base according to the target vulnerability information, displaying an information input button on an interface of a vulnerability repair system;
if a target operation instruction for the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
and after an information storage instruction is detected, acquiring new vulnerability information input in the vulnerability information input box, and adding the new vulnerability information into the vulnerability information base.
If the corresponding target vulnerability repair tool cannot be found in the vulnerability information base according to the target vulnerability information, an information input button can be displayed on the interface of the vulnerability repair system. The user may then click an information input button, so that the vulnerability repair system detects a target operation instruction for that button and displays a vulnerability information input box corresponding to the type of the instruction. The types of target operation instruction are add, modify and view: for an add instruction, an empty vulnerability information input box is displayed; for a modify instruction, an input box containing the known vulnerability information to be modified is displayed, and the user clicks the corresponding field to edit its content; for a view instruction, an input box containing the known vulnerability information to be viewed is displayed, but its content cannot be edited, only viewed.
Then, after the user finishes editing or revising and clicks the save button, an information storage instruction is detected; upon detecting it, the new vulnerability information entered in the vulnerability information input box is acquired and updated into the vulnerability information base. Owing to this update, when the target vulnerability information corresponding to a vulnerability to be repaired is the updated information, the corresponding target vulnerability repair tool can be obtained directly from the vulnerability information base for repair. It should be noted that some vulnerability information recorded in the base may concern vulnerabilities that have been completely eliminated and will not appear again; such information should be cleaned out in time to keep the vulnerability information in the base accurate. Therefore the type of the target operation instruction can also be delete: when a delete instruction is received, a deletion confirmation prompt is issued, and when the deletion confirmation is received, the corresponding vulnerability information is deleted from the vulnerability information base.
In order to ensure the security of the vulnerability information, in one embodiment, after detecting a target operation instruction on the information input button, before displaying a vulnerability information input box corresponding to the type of the target operation instruction, the method further includes:
acquiring the identity information of a user currently logging in the vulnerability repair system;
if the user identity information belongs to preset identity information corresponding to the target operation instructions of all types, executing a step of displaying a vulnerability information input box corresponding to the types of the target operation instructions and subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to the target operation instructions of all types, outputting indication information that the current user is not authorised to perform the operation.
Setting, for each type of target operation instruction, which identity information is authorised to issue it improves the security of the vulnerability information. Specifically, the identity information of the user currently logged in to the vulnerability repair system is acquired and verified, that is, matched against the preset identity information corresponding to each type of target operation instruction. If the match succeeds, the vulnerability information input box corresponding to the type of the target operation instruction is displayed and the subsequent steps are executed; if the match fails, the current user identity has no authority for that target operation instruction, and corresponding prompt information is output as feedback. The relationship between each type of target operation instruction and the preset identity information is shown in Table 1.
TABLE 1
(Table 1 is an image in the original page and is not reproduced here; it lists each type of target operation instruction against the preset identity information authorised to perform it.)
Note: a check mark indicates that the corresponding preset identity information has the authority to perform the corresponding type of target operation instruction.
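The add / modify / check / delete operations on the vulnerability information base and the identity check that gates them, as an added example in Python (not the patent's own code). The role names, the authority matrix standing in for Table 1, and the sample record are assumptions; "check" hands back a copy so a read-only user cannot edit the stored entry, and "delete" only takes effect once the deletion confirmation has been received, as the description requires.

```python
"""Added example (not the patent's own code): a vulnerability information base
with add / modify / check / delete operations gated by a per-role authority
matrix. Role names, the matrix and the sample records are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Operation types named in the description; "delete" additionally needs confirmation.
OPERATIONS = ("add", "modify", "check", "delete")

# Assumed authority matrix (Table 1 on the page is an image, so these roles and
# check marks are constructed for the example).
PERMISSIONS: Dict[str, Set[str]] = {
    "administrator": {"add", "modify", "check", "delete"},
    "maintainer": {"add", "modify", "check"},
    "viewer": {"check"},
}


class UnauthorizedOperation(Exception):
    """Raised when the logged-in identity has no authority for an operation type."""


@dataclass
class VulnRecord:
    vuln_id: str      # vulnerability information identifier (e.g. an advisory id)
    level: str        # high / medium / low risk
    vuln_type: str    # e.g. buffer overflow, command injection
    vendor: str       # device vendor
    fix_tool: str     # name or path of the downloaded repair tool


@dataclass
class VulnInfoBase:
    records: Dict[str, VulnRecord] = field(default_factory=dict)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)  # (role, op, id)

    def _authorize(self, user_role: str, op: str) -> None:
        # Match the current identity against the preset identity information
        # for this operation type before showing any input box.
        if op not in OPERATIONS:
            raise ValueError(f"unknown operation type: {op}")
        if op not in PERMISSIONS.get(user_role, set()):
            raise UnauthorizedOperation(f"{user_role} has no authority for '{op}'")

    def find_tool(self, vuln_id: str) -> Optional[str]:
        """Look up the repair tool for a target vulnerability; None if unknown."""
        rec = self.records.get(vuln_id)
        return rec.fix_tool if rec else None

    def add(self, user_role: str, rec: VulnRecord) -> None:
        self._authorize(user_role, "add")
        if rec.vuln_id in self.records:
            raise ValueError(f"{rec.vuln_id} already recorded; use modify")
        self.records[rec.vuln_id] = rec
        self.audit.append((user_role, "add", rec.vuln_id))

    def modify(self, user_role: str, vuln_id: str, **changes) -> VulnRecord:
        self._authorize(user_role, "modify")
        rec = self.records[vuln_id]
        for key, value in changes.items():
            if key == "vuln_id" or not hasattr(rec, key):
                raise ValueError(f"field not editable: {key}")
            setattr(rec, key, value)
        self.audit.append((user_role, "modify", vuln_id))
        return rec

    def check(self, user_role: str, vuln_id: str) -> VulnRecord:
        self._authorize(user_role, "check")
        # Return a copy so a "check" caller cannot edit the stored record.
        return VulnRecord(**vars(self.records[vuln_id]))

    def delete(self, user_role: str, vuln_id: str, confirmed: bool = False) -> bool:
        """Returns False until the deletion confirmation has been received."""
        self._authorize(user_role, "delete")
        if not confirmed:
            return False
        self.records.pop(vuln_id, None)
        self.audit.append((user_role, "delete", vuln_id))
        return True
```

The audit trail is not mentioned on the page; it is added here because a base that can be edited by several identities should record who changed what, which is what makes the authority matrix auditable after the fact.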
Further, to avoid the situation in which the target vulnerability repair tool cannot be found from the target vulnerability information because the categories used in the vulnerability information are not uniform, in one embodiment the known vulnerability information is reclassified before it is stored after crawling; likewise, the target vulnerability information is reclassified after it is obtained and before the target vulnerability repair tool is searched for. Unifying the category standard of the vulnerability information improves both the accuracy and the efficiency of finding the target vulnerability repair tool. The specific classification rules are: vulnerability level classification, which sorts the collected vulnerability information into high risk, medium risk and low risk; vulnerability type classification, which covers categories such as privilege escalation vulnerabilities, denial of service vulnerabilities, buffer overflow vulnerabilities, directory traversal vulnerabilities and command injection vulnerabilities; and vulnerability vendor classification, which supports classification by the device vendor of the vulnerable device. After reclassification, the data in each class can be counted and converted into charts displayed in the vulnerability repair system, and a comprehensive analysis of the data across classes can help enterprises select equipment better suited to them.
For example, the target vulnerabilities of the highest vulnerability level are determined and then jointly analysed against device vendor: if a certain device vendor has the largest number of devices with highest-level vulnerabilities, other, better device choices can be considered, further improving the information security of the industrial control system.
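The reclassification along the three axes named above (risk level, vulnerability type, device vendor), the per-class counts that feed the charts, and the level-by-vendor joint analysis, as an added Python example (not the patent's own code). The alias tables, keyword rules and sample records are constructed assumptions; the point they illustrate is that without a common label set the same vendor or level spelled two ways would be counted twice and a lookup keyed on the raw category would miss.

```python
"""Added example (not the patent's own code): unify the category standard of
crawled vulnerability information, count each class, and find the vendor with
the most highest-level vulnerabilities. Alias tables and samples are assumed."""
from collections import Counter
from typing import Dict, List, Tuple

# Assumed spellings seen across sources, mapped to one standard risk level.
LEVEL_ALIASES = {
    "critical": "high", "high": "high", "严重": "high", "高危": "high",
    "medium": "medium", "moderate": "medium", "中危": "medium",
    "low": "low", "minor": "low", "低危": "low",
}
# First matching keyword wins, so order the list from most to least specific.
TYPE_KEYWORDS = [
    ("privilege", "privilege escalation"),
    ("escalat", "privilege escalation"),
    ("denial", "denial of service"),
    ("dos", "denial of service"),
    ("overflow", "buffer overflow"),
    ("traversal", "directory traversal"),
    ("injection", "command injection"),
]


def normalize_level(raw: str) -> str:
    key = raw.strip().lower()
    if key not in LEVEL_ALIASES:
        raise ValueError(f"unknown risk level: {raw!r}")  # do not guess a level
    return LEVEL_ALIASES[key]


def normalize_type(raw: str) -> str:
    text = raw.lower()
    for needle, label in TYPE_KEYWORDS:
        if needle in text:
            return label
    return "other"


def normalize_vendor(raw: str) -> str:
    # Case and whitespace differences between sources must not split one vendor.
    return " ".join(raw.split()).lower()


def reclassify(records: List[dict]) -> List[dict]:
    """Return copies of the records with level/type/vendor on the standard labels."""
    return [
        {**r,
         "level": normalize_level(r["level"]),
         "type": normalize_type(r["type"]),
         "vendor": normalize_vendor(r["vendor"])}
        for r in records
    ]


def class_counts(records: List[dict]) -> Dict[str, Counter]:
    """Per-axis counts: the numbers a chart in the repair system would plot."""
    return {axis: Counter(r[axis] for r in records)
            for axis in ("level", "type", "vendor")}


def vendor_with_most_high_risk(records: List[dict]) -> Tuple[str, int]:
    """Joint analysis: the vendor with the most highest-level vulnerabilities."""
    per_vendor = Counter(r["vendor"] for r in records if r["level"] == "high")
    if not per_vendor:
        return ("", 0)
    return per_vendor.most_common(1)[0]


# Constructed sample of crawled entries with inconsistent category spelling.
SAMPLE = [
    {"id": "EX-1", "level": "Critical", "type": "Stack-based buffer overflow",  "vendor": "Vendor A"},
    {"id": "EX-2", "level": "high",     "type": "OS command injection",         "vendor": "vendor a"},
    {"id": "EX-3", "level": "Moderate", "type": "Path traversal",               "vendor": "Vendor B"},
    {"id": "EX-4", "level": "高危",      "type": "DoS via malformed packet",     "vendor": "Vendor B"},
    {"id": "EX-5", "level": "low",      "type": "Improper privilege escalation", "vendor": "Vendor C"},
]
```

Unknown risk levels raise instead of being silently mapped, because a record whose level cannot be classified should be reviewed before it enters the base, not stored under a guessed class.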
104. Adopting the target vulnerability repair tool to repair the vulnerability to be repaired.
After the target vulnerability repair tool is obtained, it can be used to repair the vulnerability to be repaired. The whole process can be completed automatically, which improves both the timeliness and the efficiency of vulnerability repair.
In order to facilitate the user to know about the vulnerability repair situation, the vulnerability repair method may further include:
acquiring vulnerability repair historical data of the industrial control system recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
Each time the vulnerability repair system detects a vulnerability to be repaired in the industrial control system and carries out the repair, it records repaired vulnerability data and unrepaired vulnerability data. So that the user can intuitively see the current repair status of the system, the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system can be converted into chart form and displayed in the interface of the vulnerability repair system, improving the visualisation of the data.
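Step 104 and the repair history it leaves behind, as an added Python example (not the patent's own code). A repair tool is modelled as a callable that returns True on success; every detected vulnerability produces one history record marked repaired or unrepaired, including the two failure modes a practitioner has to account for (no tool in the base, and a tool that runs but fails), and summarize() returns the two counts a chart would plot. Tool names, identifiers and the demo lookup are constructed.

```python
"""Added example (not the patent's own code): apply the target repair tool and
record repaired / unrepaired history. Tools, identifiers and samples are assumed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional

ToolLookup = Callable[[str], Optional[Callable[[], bool]]]


@dataclass
class RepairEvent:
    vuln_id: str
    repaired: bool
    detail: str
    at: str          # ISO-8601 UTC timestamp of the attempt


@dataclass
class RepairSystem:
    tool_lookup: ToolLookup                    # base lookup: id -> tool or None
    history: List[RepairEvent] = field(default_factory=list)

    def repair(self, vuln_id: str) -> RepairEvent:
        """Look up the target tool, run it, and record the outcome either way."""
        tool = self.tool_lookup(vuln_id)
        stamp = datetime.now(timezone.utc).isoformat()
        if tool is None:
            # Case the page handles with the information input button: no tool yet.
            ev = RepairEvent(vuln_id, False,
                             "no repair tool in vulnerability information base", stamp)
        else:
            try:
                ok = bool(tool())
                ev = RepairEvent(vuln_id, ok,
                                 "tool succeeded" if ok else "tool reported failure", stamp)
            except Exception as exc:  # a crashing tool must not lose the record
                ev = RepairEvent(vuln_id, False, f"tool raised: {exc}", stamp)
        self.history.append(ev)
        return ev

    def summarize(self) -> Dict[str, int]:
        """Counts behind the repaired / unrepaired chart."""
        repaired = sum(1 for e in self.history if e.repaired)
        return {"repaired": repaired, "unrepaired": len(self.history) - repaired}

    def unrepaired_ids(self) -> List[str]:
        """Vulnerabilities that still need attention, in detection order."""
        return [e.vuln_id for e in self.history if not e.repaired]


def demo_tools() -> ToolLookup:
    # Constructed: EX-0001 has a working tool, EX-0002 a failing one, EX-0003 none,
    # EX-0004 a tool that crashes.
    def crashing() -> bool:
        raise RuntimeError("device unreachable")
    tools = {"EX-0001": lambda: True, "EX-0002": lambda: False, "EX-0004": crashing}
    return tools.get
```

Recording the unrepaired attempts with their reason is what lets the chart distinguish "no tool known" (the base needs a new entry) from "tool failed" (the tool or the device needs attention).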
According to the method, the vulnerability information base is constructed in advance, the target vulnerability repair tool is determined from the vulnerability information base after the target vulnerability information is obtained, and finally the vulnerability to be repaired of the industrial control system is repaired through the target vulnerability repair tool.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Fig. 2 shows a block diagram of a bug fixing device of an industrial control system according to an embodiment of the present application, and only a part related to the embodiment of the present application is shown for convenience of description.
Referring to fig. 2, the apparatus includes:
a vulnerability information obtaining module 201, configured to detect a vulnerability to be repaired existing in the industrial control system;
a target vulnerability information obtaining module 202, configured to obtain target vulnerability information corresponding to the vulnerability to be repaired;
the target vulnerability repair tool searching module 203 is used for searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, wherein a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
and the vulnerability repairing module 204 is used for repairing the vulnerability to be repaired by adopting the target vulnerability repairing tool.
Further, the apparatus may further include:
the known vulnerability data crawling module is used for crawling each known vulnerability information of the industrial control system and a vulnerability repairing scheme of each known vulnerability information through a network, and the vulnerability repairing scheme records vulnerability repairing tools corresponding to the corresponding known vulnerability information;
the download link crawling module is used for crawling the download links of the bug fixing tools recorded in the bug fixing schemes through a network;
and the vulnerability information base construction module is used for downloading each vulnerability repair tool through the downloading link and constructing the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
Further, the target vulnerability information obtaining module 202 may include:
a log information acquisition unit for acquiring log information of the industrial control system;
the vulnerability information identification obtaining unit is used for analyzing the log information to obtain each vulnerability information identification contained in the log information;
and the target vulnerability information determining unit is used for determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifications.
Further, the apparatus may further include:
the information input button display module is used for displaying an information input button on an interface of the vulnerability repair system if the corresponding target vulnerability repair tool is not found from the vulnerability information base according to the target vulnerability information;
the vulnerability information input box display module is used for displaying a vulnerability information input box corresponding to the type of the target operation instruction if the target operation instruction of the information input button is detected;
and the vulnerability information base updating module is used for acquiring new vulnerability information input in the vulnerability information input box after an information storage instruction is detected, and adding the new vulnerability information into the vulnerability information base.
Further, the apparatus may further include:
the user identity acquisition module is used for acquiring the user identity information currently logged in the vulnerability repair system after a target operation instruction of the information input button is detected and before a vulnerability information input box corresponding to the type of the target operation instruction is displayed;
the first user identity confirmation module is used for executing the step of displaying the vulnerability information input box corresponding to the type of the target operation instruction and the subsequent steps if the user identity information belongs to the preset identity information corresponding to the target operation instruction of each type;
and the second user identity confirmation module is used for outputting indication information that the current user is not authorised to perform the operation if the user identity information does not belong to the preset identity information corresponding to the target operation instructions of all types.
Further, the apparatus may further include:
the historical data acquisition module is used for acquiring vulnerability repair historical data of the industrial control system, which are recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprise repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
and the historical data display module is used for displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
The embodiment of the application further provides a terminal device, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the vulnerability repairing method of each industrial control system provided by the application.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the bug fixing method of each industrial control system provided by the present application are implemented.
The embodiment of the present application further provides a computer program product, which when running on a terminal device, enables the terminal device to execute the steps of the vulnerability repairing method of each industrial control system provided by the present application.
Fig. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 3, the terminal device 3 of this embodiment includes: at least one processor 30 (only one shown in fig. 3), a memory 31, and a computer program 32 stored in the memory 31 and executable on the at least one processor 30, the processor 30 implementing the steps in any of the above-described browser-driven configuration method embodiments when executing the computer program 32.
The terminal device 3 may be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices, and a smart watch, a smart bracelet and other wearable devices. The terminal device may include, but is not limited to, a processor 30, a memory 31. Those skilled in the art will appreciate that fig. 3 is only an example of the terminal device 3, and does not constitute a limitation to the terminal device 3, and may include more or less components than those shown, or combine some components, or different components, for example, and may further include an input/output device, a network access device, and the like.
The processor 30 may be a Central Processing Unit (CPU); it may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 31 may, in some embodiments, be an internal storage unit of the terminal device 3, such as a hard disk or memory of the terminal device 3. In other embodiments the memory 31 may be an external storage device of the terminal device 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash memory card provided on the terminal device 3. Further, the memory 31 may include both an internal storage unit and an external storage device of the terminal device 3. The memory 31 is used to store the operating system, applications, bootloaders, data and other programs, such as the program code of the computer program. The memory 31 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the method embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include at least: any entity or apparatus capable of carrying computer program code to a terminal device, a recording medium, computer memory, Read-Only Memory (ROM), Random-Access Memory (RAM), electrical carrier signals, telecommunications signals and software distribution media, such as a USB disk, a removable hard disk, a magnetic disk or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A vulnerability fixing method of an industrial control system is characterized by comprising the following steps:
detecting a vulnerability to be repaired existing in an industrial control system;
acquiring target vulnerability information corresponding to the vulnerability to be repaired;
searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, wherein a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
and adopting the target vulnerability repair tool to repair the vulnerability to be repaired.
2. The vulnerability fix method of claim 1, wherein the vulnerability information base is constructed by:
crawling each known vulnerability information of the industrial control system and a vulnerability repair scheme of each known vulnerability information through a network, wherein the vulnerability repair scheme records vulnerability repair tools corresponding to the corresponding known vulnerability information;
crawling the downloading link of each bug fixing tool recorded in each bug fixing scheme through a network;
and downloading each vulnerability repair tool through the download link, and constructing and obtaining the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
3. The vulnerability repair method of claim 2, wherein the obtaining target vulnerability information corresponding to the vulnerability to be repaired comprises:
acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
and determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifications.
4. The vulnerability fix method of any of claims 1 to 3, further comprising:
if the corresponding target vulnerability repair tool is not found from the vulnerability information base according to the target vulnerability information, displaying an information input button on an interface of a vulnerability repair system;
if a target operation instruction for the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
and after an information storage instruction is detected, acquiring new vulnerability information input in the vulnerability information input box, and adding the new vulnerability information into the vulnerability information base.
5. The bug fixing method according to claim 4, wherein after detecting the target operation instruction for the information input button, before displaying the bug information input box corresponding to the type of the target operation instruction, further comprising:
acquiring the identity information of a user currently logging in the vulnerability repair system;
if the user identity information belongs to preset identity information corresponding to the target operation instructions of all types, executing a step of displaying a vulnerability information input box corresponding to the types of the target operation instructions and subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to the target operation instructions of all types, outputting indication information that the current user is not authorised to perform the operation.
6. The vulnerability fix method of claim 4, further comprising:
acquiring vulnerability repair historical data of the industrial control system recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
7. A vulnerability fixing device of an industrial control system, comprising:
the vulnerability information acquisition module is used for detecting vulnerabilities to be repaired existing in the industrial control system;
the target vulnerability information acquisition module is used for acquiring target vulnerability information corresponding to the vulnerability to be repaired;
the target vulnerability repair tool searching module is used for searching a corresponding target vulnerability repair tool from a pre-constructed vulnerability information base according to the target vulnerability information, and a plurality of preset known vulnerability information and a vulnerability repair tool corresponding to each known vulnerability information are recorded in the vulnerability information base;
and the vulnerability repairing module is used for repairing the vulnerability to be repaired by adopting the target vulnerability repairing tool.
8. The vulnerability fix apparatus of claim 7, wherein the apparatus further comprises:
the known vulnerability data crawling module is used for crawling each known vulnerability information of the industrial control system and a vulnerability repairing scheme of each known vulnerability information through a network, and the vulnerability repairing scheme records vulnerability repairing tools corresponding to the corresponding known vulnerability information;
the download link crawling module is used for crawling the download links of the bug fixing tools recorded in the bug fixing schemes through a network;
and the vulnerability information base construction module is used for downloading each vulnerability repair tool through the downloading link and constructing the vulnerability information base according to each known vulnerability information and each downloaded vulnerability repair tool.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the vulnerability fixing method according to any of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the vulnerability remediation method of any of claims 1-6.
CN202011534863.9A 2020-12-22 2020-12-22 Vulnerability restoration method and device for industrial control system Active CN112528295B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011534863.9A CN112528295B (en) 2020-12-22 2020-12-22 Vulnerability restoration method and device for industrial control system


Publications (2)

Publication Number Publication Date
CN112528295A true CN112528295A (en) 2021-03-19
CN112528295B CN112528295B (en) 2023-05-02

Family

ID=74975799


Country Status (1)

Country Link
CN (1) CN112528295B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113391752A (en) * 2021-06-21 2021-09-14 昆明理工大学 Interaction technology of mouse-based touch interactive equipment
CN115174379A (en) * 2022-07-27 2022-10-11 西安热工研究院有限公司 Vulnerability repair method and device of industrial control network and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270389A (en) * 2014-10-23 2015-01-07 国网湖北省电力公司电力科学研究院 Method and system for automatically restoring security configuration vulnerability of router/ interchanger
US20170098087A1 (en) * 2015-10-06 2017-04-06 Assured Enterprises, Inc. Method and system for identification of security vulnerabilities
CN107277021A (en) * 2017-06-26 2017-10-20 云南电网有限责任公司信息中心 A kind of new open leak coverage identification and remediation management system and method
CN110443046A (en) * 2019-08-14 2019-11-12 中国电子信息产业集团有限公司第六研究所 A kind of method and device of loophole reparation
US20200272743A1 (en) * 2017-09-14 2020-08-27 Siemens Corporation System and Method to Check Automation System Project Security Vulnerabilities



Also Published As

Publication number Publication date
CN112528295B (en) 2023-05-02

Similar Documents

Publication Publication Date Title
Costin et al. A {Large-scale} analysis of the security of embedded firmwares
CN103888490A (en) Automatic WEB client man-machine identification method
CN112637220A (en) Industrial control system safety protection method and device
CN112491602A (en) Behavior data monitoring method and device, computer equipment and medium
CN111104579A (en) Identification method and device for public network assets and storage medium
CN113342639B (en) Applet security risk assessment method and electronic device
CN111431753A (en) Asset information updating method, device, equipment and storage medium
CN112668010A (en) Method, system and computing device for scanning industrial control system for bugs
CN112528295B (en) Vulnerability restoration method and device for industrial control system
WO2021247913A1 (en) Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement
CN115150261B (en) Alarm analysis method, device, electronic equipment and storage medium
CN114422255A (en) Cloud security simulation detection system and detection method
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
CN112988607B (en) Application program component detection method and device and storage medium
CN116668107A (en) Automatic patrol and network attack tracing method
CN115766258B (en) Multi-stage attack trend prediction method, equipment and storage medium based on causal relationship graph
CN111125066A (en) Method and device for detecting functions of database audit equipment
Mostafa et al. Netdroid: Summarizing network behavior of android apps for network code maintenance
CN112817816B (en) Embedded point processing method and device, computer equipment and storage medium
KR100614931B1 (en) Vulnerability analysis apparatus and method of web application
CN109714371B (en) Industrial control network safety detection system
CN114528552A (en) Security event correlation method based on vulnerability and related equipment
CN113127919A (en) Data processing method and device, computing equipment and storage medium
CN112818278B (en) Method and system for checking internet hosting website
CN115412358B (en) Network security risk assessment method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant