CN117240600B - Vulnerability detection method and device for industrial control system - Google Patents


Info

Publication number
CN117240600B
Authority
CN
China
Prior art keywords
industrial control
control system
virtualized
virtual
topology
Legal status
Active
Application number
CN202311476911.7A
Other languages
Chinese (zh)
Other versions
CN117240600A (en)
Inventor
于盟
王得福
卢春景
汪慕峰
李敏
郑世涛
刘国良
杨梓涛
张哲宇
Current Assignee
China Industrial Control Systems Cyber Emergency Response Team
Original Assignee
China Industrial Control Systems Cyber Emergency Response Team
Application filed by China Industrial Control Systems Cyber Emergency Response Team
Priority to CN202311476911.7A
Publication of CN117240600A
Application granted
Publication of CN117240600B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The application provides a vulnerability detection method and device for an industrial control system, applied to an electronic device, comprising the following steps: running a virtual environment corresponding to the industrial control system to be detected; building a topology structure of the industrial control system in the virtual environment according to the interaction relations of the various devices in the industrial control system; obtaining a virtualized topology networking of the industrial control system according to the topology structure; and performing vulnerability scanning on the virtualized topology networking to obtain a vulnerability assessment result for the industrial control system. In this technical scheme, the topology structure of the industrial control system is built in the virtual environment so that the whole industrial control system can be virtualized; the topology structure is then configured into a network, which reproduces the real running conditions of the virtual industrial control system; and in the virtual environment a vulnerability security evaluation module scans the simulation scene for vulnerabilities, so that security evaluation and detection of the hidden risks of the industrial control system are achieved before the system is deployed.

Description

Vulnerability detection method and device for industrial control system
Technical Field
The application relates to the technical field of industrial control security simulation and analysis, and in particular to a vulnerability detection method and device for an industrial control system.
Background
Industrial control systems often form part of the critical infrastructure of a city or country, such as electricity, gas and tap water, so the security of an industrial control system is very important. When the actual scale or security of an industrial control system needs to be improved, upgrading it on site without prior verification means that undiscovered vulnerabilities and hidden dangers can become serious security hazards. Among the defensive measures against potential security hazards of an industrial control system, vulnerability testing of the industrial control operation platform is particularly important, so that security problems in the information platform infrastructure can be perceived in a timely and accurate manner and the smooth, efficient operation of the business is ensured.
In the prior art, after a new industrial control operation platform is built, developers and testers need to perform vulnerability testing on it: a vulnerability scanning tool is used to scan the host and web front end of the new platform, and a test report is generated. The process is simple to operate, but setting up the environment takes a lot of time.
Disclosure of Invention
The application provides a vulnerability detection method and device for an industrial control system. Before the industrial control system is deployed on site, a virtual simulation scene of the industrial control system is built by virtual simulation means, and the vulnerabilities of the industrial control system are scanned and detected in that scene, so that the hidden risks of the industrial control system are evaluated and detected in a safe manner.
The technical scheme is as follows:
In a first aspect, a vulnerability detection method for an industrial control system is provided. The method is applied to an electronic device and includes: running, in the electronic device, a virtual environment corresponding to the industrial control system to be detected;
building a topology structure of the industrial control system in the virtual environment according to the interaction relations of the various devices in the industrial control system, where the topology structure reflects the connection relations between the virtualized components corresponding to the various devices of the industrial control system;
obtaining a virtualized topology networking of the industrial control system according to the topology structure;
and performing vulnerability scanning on the virtualized topology networking to obtain a vulnerability assessment result of the industrial control system.
The embodiment of the application provides a vulnerability detection method for an industrial control system. By building the topology networking of the industrial control system in a virtual environment, the devices of the whole industrial control system can be virtualized. The topology structure of the industrial control system is then converted, through network configuration, into a virtualized topology networking, which reproduces the real running environment of the virtualized industrial control system. In the virtual environment, a vulnerability security evaluation module performs vulnerability scanning on the virtualized network topology environment and produces a vulnerability evaluation report for the simulation scene of the industrial control system. In this way, before the industrial control system is deployed on site, a virtual simulation scene is quickly built and the vulnerabilities of the industrial control system are scanned in the simulation scene, so that the hidden risks of the industrial control system are evaluated and detected in a safe manner.
Optionally, the method further includes: collecting the data exchanged between the various devices of the industrial control system built in the virtual environment, and displaying the data; and monitoring the various devices in the industrial control system.
Optionally, before running the virtual environment corresponding to the industrial control system to be detected in the electronic device, the method includes: performing virtualized cluster management on the electronic device;
creating a virtual machine according to the virtualized cluster management, and connecting the virtual machine with a plurality of virtualized components in a cloud resource pool of the electronic device;
performing address configuration on the plurality of virtualized components, and deploying an operating system of the virtual machine;
and customizing, through image files, the virtual machine and the plurality of virtualized components connected with it into templates of one or more virtual environments, where different virtual environment templates correspond to different types of industrial control system, and the templates are used to obtain the virtual environment corresponding to the industrial control system.
Optionally, the electronic device has a cloud resource pool in which one or more virtualized components are stored, and building the topology structure of the industrial control system in the virtual environment according to the interaction relations of the various devices of the industrial control system includes:
in response to a first operation of a user, displaying a graphical editing interface, where the editing interface displays the identifiers of the one or more virtualized components;
detecting a first selection operation input by the user on the editing interface for a plurality of the one or more virtualized components;
in response to the first selection operation, generating the topology structure of the industrial control system according to the selected plurality of virtualized components;
and configuring network configuration parameters and/or storage configuration parameters of each virtualized component forming the topology structure to obtain the virtualized topology networking.
Optionally, configuring the network configuration parameters and/or storage configuration parameters of each of the virtualized components forming the topology structure to obtain the virtualized topology networking includes:
displaying the plurality of virtualized components constituting the topology structure;
detecting a configuration operation of the user for any one of the virtualized components in the topology structure;
and in response to the configuration operation, updating the network configuration parameters and/or storage configuration parameters of that virtualized component to obtain the virtualized topology networking.
Optionally, configuring the network configuration parameters and/or storage configuration parameters of each virtualized component of the topology structure to obtain the virtualized topology networking further includes:
converting the topology structure into the virtualized topology networking through a visual topology networking engine.
Optionally, the data collected from the various devices of the industrial control system built in the virtual environment and displayed includes flow data, network data and platform data, where the network data includes at least the network static configuration, the network real-time state and various performance data;
the platform data includes agent data, system resource information and network topology information;
the data acquired by the data acquisition module is analyzed;
and the data is presented in the virtual environment.
Optionally, performing vulnerability scanning on the virtualized topology networking to obtain the vulnerability assessment result of the industrial control system includes:
installing an agent or service in the virtual environment, where the agent or service is used to access the files and processes of the virtualized topology networking;
accessing the files and processes of the virtualized topology networking through the agent or service;
and generating the vulnerability assessment result according to the files and processes of the virtualized topology networking.
In a second aspect, a vulnerability detection device for an industrial control system is provided, including: a running module, used to run, in the electronic device, the virtual environment corresponding to the industrial control system to be detected;
a construction module, used to build the topology structure of the industrial control system in the virtual environment according to the interaction relations of the various devices of the industrial control system, where the topology structure reflects the network structure of the various devices of the industrial control system;
a conversion module, used to convert the topology structure into the virtualized topology networking;
and an evaluation module, used to perform vulnerability scanning on the virtualized topology networking to obtain the vulnerability evaluation result of the industrial control system.
Optionally, the apparatus further includes: and the monitoring module is used for collecting the data interacted with various devices in the industrial control system built in the virtual environment, displaying the data and monitoring various devices in the industrial control system.
In a third aspect, there is provided a computer device comprising: a memory and a processor, the memory for storing a computer program; the processor is used for executing the vulnerability detection method when the computer program is called.
It will be appreciated that the advantages of the second and third aspects may be referred to in the description of the first aspect, and will not be described in detail herein.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a vulnerability detection method for an industrial control system provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a solution for security detection and evaluation of an industrial control system according to an embodiment of the present application;
Fig. 3 is a flowchart of data collection and monitoring in an industrial control system according to an embodiment of the present application;
Fig. 4 shows a fast integration system for a simulation environment provided by an embodiment of the present application;
Fig. 5 is a flowchart of a method for detecting and evaluating vulnerabilities of an industrial control system according to an embodiment of the present application;
Fig. 6 shows a vulnerability detection apparatus for an industrial control system provided in an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
It should be understood that reference herein to "a plurality" means two or more. In the description of the present application, "/" means "or" unless otherwise indicated; for example, A/B may represent A or B. "And/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, to describe the technical solutions of the present application clearly, the words "first", "second", etc. are used to distinguish between identical or similar items having substantially the same function and effect. Those skilled in the art will appreciate that the words "first", "second", and the like do not limit the quantity or order of execution, and that items labelled "first" and "second" do not necessarily differ.
Before explaining the embodiments of the present application in detail, application scenarios of the embodiments of the present application are described.
Among the defensive measures against potential security hazards of an industrial control system, vulnerability testing of the industrial control operation platform is particularly important. Vulnerability scanning can detect security problems of the information platform infrastructure in a timely and accurate manner and ensure the smooth operation of the business. After an industrial control system operation platform is built, developers and testers need to perform vulnerability testing on it: vulnerability scanning tools scan the host and web front end of the platform, and a test report is generated. To guard against the potential security hazards of an industrial control system, the vulnerability detection method provided here uses a simulated scene: before a new industrial control system is deployed on site, a virtual simulation scene is quickly built by virtual simulation means, and the vulnerabilities of the industrial control system are detected and analyzed in that scene, so that the potential risks of the industrial control system are evaluated and detected in a safe manner.
As shown in fig. 1, an embodiment of the present application provides a vulnerability detection method of an industrial control system, which is applied to an electronic device, and the method includes:
Step 101: run, in the electronic device, a virtual environment corresponding to the industrial control system to be detected.
The electronic device is provided with a plurality of virtual environment templates, with different templates corresponding to different industrial control systems; one target virtual environment template is selected from them according to the type of the industrial control system and is used to build the virtual environment corresponding to the industrial control system to be detected.
For example, the user may select, according to the type of the industrial control system, one virtual environment template applicable to it from the plurality of virtual environment templates provided in the electronic device.
Alternatively, the user may input attribute information such as the type of the industrial control system to the electronic device, so that the electronic device selects the applicable virtual environment template from the plurality of templates according to that type. Or, the user may input attribute information such as the type of the industrial control system, so that the electronic device deploys, according to that type, a virtual environment corresponding to the industrial control system.
Step 102: build a topology structure of the industrial control system in the virtual environment according to the interaction relations of the various devices of the industrial control system. The topology structure reflects the connection relations between the virtualized components corresponding to the various devices of the industrial control system.
By way of example, the various devices in the industrial control system and their interaction relations are specified. Virtualized resource management is then performed on the hardware entity resources of the industrial control system: through a visual topology networking engine based on front-end hypertext markup language technology, the various virtualized components are obtained from the cloud resource pool formed by them by dragging them onto a grid canvas. A virtual operating system component, a virtual programmable logic controller component, a virtual switch component, a virtual firewall component and the like are selected from the cloud resource pool according to the actual devices of the industrial control system and the virtual components corresponding to those devices, and the selected components are connected with one another to obtain the topology structure of the industrial control system.
Step 103: obtain the virtualized topology networking of the industrial control system according to the topology structure.
By way of example, the virtualized topology networking is obtained by converting the topology structure of the industrial control system through the visual topology networking engine; the engine automatically configures the various virtualized components and the networks of the virtual machines in the topology structure, thereby establishing the simulation scene of the industrial control system.
Step 104: perform vulnerability scanning on the virtualized topology networking to obtain a vulnerability assessment result for the industrial control system.
The vulnerability scanning is realized by a vulnerability security evaluation module. After the simulation scene of the industrial control system has been built in the virtual environment, the vulnerability security evaluation module obtains the virtualized topology networking, selects the simulation scene, and performs vulnerability scanning and analysis on all the virtualized components in the simulation scene to obtain a vulnerability evaluation report.
In one embodiment of the present application, Fig. 2 shows a solution for security detection and evaluation of an industrial control system. To build the simulation scene of the industrial control system, the virtual environment 202 is generated through the connection management 201 of the virtualization cluster, and all the virtualized components required by the virtual environment come from the resource pool 203. The topology structure is built on the visual grid at the front end in the grid topology building scene 204: the virtualized components corresponding to the various devices of the industrial control system are obtained from the resource pool, the visual topology structure is generated, automatic configuration is carried out, and the simulation scene is thus built. In the virtual environment, all devices in the simulation scene are monitored 205. Security detection and assessment are performed on the simulation scene in the virtual environment, and a report 206 is generated based on the data collected by the monitoring.
The embodiment of the application provides a vulnerability detection method for an industrial control system. By building the topology networking of the industrial control system in a virtual environment, the devices of the whole industrial control system can be virtualized. The topology structure of the industrial control system is then converted, through network configuration, into a virtualized topology networking, which reproduces the real running environment of the virtualized industrial control system. In the virtual environment, a vulnerability security evaluation module performs vulnerability scanning on the virtualized network topology environment and produces a vulnerability evaluation report for the simulation scene of the industrial control system. In this way, before the industrial control system is deployed on site, a virtual simulation scene is quickly built and the vulnerabilities of the industrial control system are scanned in the simulation scene, so that the hidden risks of the industrial control system are evaluated and detected in a safe manner.
In one embodiment of the present application, the vulnerability detection method of the industrial control system further includes: collecting the data exchanged between the various devices of the industrial control system built in the virtual environment, and displaying the data; and monitoring the various devices in the industrial control system.
In one embodiment of the present application, as shown in Fig. 3, when building of a simulation environment starts, step 301 virtualizes the resources into a resource pool; step 302 drags virtualized components out of the cloud resource pool to build a topology structure, that is, generates a visual topology networking; and step 303 constructs the scene from the virtualized components, that is, after the network has been configured, the visual topology networking forms the simulation environment. The data collection component in the resource pool then starts collecting data from the virtual components in the topology networking, such as a programmable logic controller (PLC) simulation component, together with the running state of the simulation scene, and uploads the collected data to virtualized components such as the engineer station and the operator station for monitoring.
In one possible implementation of this embodiment, taking a thermal power generation system as the industrial control system, a thermal power generation simulation scene is built and divided into three areas: a production management area, a data analysis area and an information management area. According to the thermal power generation simulation scene, virtual components such as a safety instrumented system (SIS) virtual component, a management information system (MIS) virtual component, a Modbus simulation component, a programmable logic controller (PLC) simulation component, an operator station (virtual host), an engineer station (virtual host) and a data server are selected from the underlying cloud resource pool to serve as the modules for data acquisition, monitoring, management and control. The user drags the virtual components with the visual topology networking engine to generate the simulation environment, and network communication and configuration are completed through the switch virtual component and the firewall virtual component. Data acquisition is carried out through the Modbus simulation component, the PLC simulation component, the operator station (virtual host) and the engineer station (virtual host); the acquired data are analyzed by the SIS virtual component and displayed by the MIS virtual component, the front-end portal website and other components.
In one embodiment of the present application, before running the virtual environment corresponding to the industrial control system to be detected in the electronic device, the method includes: performing virtualized cluster management on the electronic device; creating a virtual machine according to the virtualized cluster management, and connecting the virtual machine with a plurality of virtualized components in the cloud resource pool of the electronic device; performing address configuration on the plurality of virtualized components and deploying an operating system of the virtual machine; and customizing, through the image file, the virtual machine and the plurality of virtualized components connected with it into one or more virtual environment templates, where different virtual environment templates correspond to different types of industrial control system.
Here, the virtualized cluster management is the dragging of the virtualized components.
Fig. 4 shows a fast integration system for a simulation environment. It is based on the visual topology networking engine and is used to set up the virtual environment, the simulation scene of the industrial control system and the like on the scene quick-build platform portal, and to collect and monitor data from each virtual component in the virtual environment.
The specific explanation is as follows:
the scene quick-build platform portal comprises a user self-service portal, a cyber range operation management portal and a cyber range operation and maintenance management portal, all displayed through front-end pages. On the front-end page, based on the visual topology networking engine, virtualization cluster management, template management, image management, component resource management and monitoring management can be performed.
The application service and the operation engine are responsible for defining information such as structure, flow and the like of the service and are used for forming complete service life cycle management, and specifically comprise the following steps: assembling atomic services, generating business services, publishing business services to a service directory, and monitoring service operating conditions. Wherein an administrator can monitor the overall status of all service instances through the application service and the running engine.
The visual topology networking engine is realized based on the hypertext markup language technology of the front end, and is specifically a grid canvas for editing the topology structure of a network, which is provided with a graphical editing interface and provides a component library composed of virtualized components corresponding to various communication entities, such as a switch, a router, a programmable logic controller, a server, an engineer station and the like, and a user can quickly and conveniently configure the network topology structure in the working area of the grid canvas through simple drag and drop operation and can also set the attribute of various virtualized components in the network topology structure.
The physical resource layer contains three aspects of content, namely, computer, network and storage. The rapid build platform system based on standardized computing, storage, and network build scenarios is dynamic, highly automated, and software defined. A user can configure a suitable, flexible physical resource system as desired. In the embodiment, the standard X86 architecture-based server can be deployed faster and managed better to meet the requirement of long-term expansion.
The cloud resource pool infrastructure refers to a logic component for managing and scheduling software and hardware resources, and is responsible for constructing a resource pool, generating technical services of simple resource supply, and defining an operation flow of resource operation and maintenance. In order to form a resource pool, devices having the same attribute are generally installed in a centralized manner, connected to each other, and supervised and configured through a certain management software. The resource pool consists of a group of resources with the same attribute devices, and a user can apply resources from the resource pool through cloud resource pool infrastructure management layer software, specify the configuration of the resource instance and manage the operation of the resource instance. An administrator may monitor the resource usage, health, and performance of each resource pool. The resource management layer will issue all the resource operation interfaces in the form of technical service. This layer is to mask out differences in different virtualization categories and physical devices, etc., so that the upper layer cannot perceive.
Data acquisition and monitoring generally use an acquisition device to collect the platform's traffic data, network data and platform data; the traffic data is collected in the form of data packets. These three kinds of data serve as data sources and are sent to a data monitoring system, which performs deep analysis on them and then sends the results through a data interface to the application service and the operation engine, where they are displayed on a page.
In one embodiment of the present application, the electronic device has a cloud resource pool in which one or more virtualized components are stored, a simulation scene is built in the virtual environment, and the simulation scene is the topology of the industrial control system. The method includes: in response to a first operation by the user, displaying a graphical editing interface on which the identifiers of the one or more virtualized components are shown; detecting a first selection operation, input by the user on the editing interface, for a plurality of the one or more virtualized components; in response to the first selection operation, generating the topology of the industrial control system from the selected virtualized components, where each node of the topology corresponds to one virtualized component making up the topology and represents one device of the industrial control system; and configuring the network configuration parameters and/or storage configuration parameters of each virtualized component making up the topology to obtain the virtualized topology networking.
In one embodiment of the present application, configuring the network parameters of each virtual component making up the topology to obtain the virtualized topology networking further includes: displaying the plurality of virtualized components that make up the topology; detecting a second selection operation, input by the user on the topology, for any virtualized component; and, in response to the second selection operation, updating the network configuration parameters and/or storage configuration parameters of that virtualized component to obtain the virtualized topology networking.
For example, the generated topology is displayed on the operation interface of the visual topology networking, where all of the virtualized components making up the topology can be operated on. As an example, the user performs a second selection operation on the virtualized component corresponding to a first device in the industrial control system, and network parameter configuration and storage parameter configuration are then performed on that virtualized component.
In one embodiment of the application, configuring the network configuration parameters and/or storage configuration parameters of each virtualized component making up the topology to obtain the virtualized topology networking can be realized through the visual topology networking engine, which converts the topology into the virtualized topology networking.
After the topology of the industrial control system has been built in the virtual environment, the visual topology networking engine can automatically perform network configuration or storage configuration on it.
It is worth noting that the network of the built topology can be configured automatically by the visual topology networking engine according to the built topology of the industrial control system. However, automatic configuration carries a certain error, that is, the configuration is not necessarily completely correct, so on the operation interface of the visual topology networking the user can also manually configure any virtualized component of the topology.
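As an added illustration (not code from the patent or its applicant), the following Python models the editing flow described in this and the preceding paragraphs: a constructed component library, drop and link operations on a grid canvas (the first selection operation), the engine's automatic address and storage assignment, a per-component manual override (the second selection operation), and a validation pass that catches the address conflict the automatic pass leaves behind. All component attributes, addresses and names are constructed assumptions.

```python
# Added example: a model of the grid-canvas topology editor (not the patent's code).
from dataclasses import dataclass, field
from ipaddress import IPv4Network

# Component library: entity type -> default attributes (constructed values).
COMPONENT_LIBRARY = {
    "switch": {"ports": 24, "addressed": False, "needs_storage": False},
    "router": {"ports": 4, "addressed": True, "needs_storage": False},
    "firewall": {"ports": 2, "addressed": True, "needs_storage": False},
    "plc": {"ports": 1, "addressed": True, "needs_storage": False},
    "server": {"ports": 2, "addressed": True, "needs_storage": True},
    "engineer_station": {"ports": 1, "addressed": True, "needs_storage": True},
}

@dataclass
class Node:
    node_id: str
    kind: str
    cell: tuple  # grid-canvas cell the component was dropped on
    network: dict = field(default_factory=dict)  # ip, prefix, gateway
    storage: dict = field(default_factory=dict)  # disk_gb
    manual: bool = False  # set once the user overrides the engine's values

class Topology:
    def __init__(self):
        self.nodes = {}  # node_id -> Node, kept in drop order
        self.links = []  # (node_id, node_id)

    def drop(self, node_id, kind, cell):
        """First selection operation: drag a library component onto a cell."""
        if kind not in COMPONENT_LIBRARY:
            raise ValueError(f"unknown component kind {kind!r}")
        if node_id in self.nodes or any(n.cell == cell for n in self.nodes.values()):
            raise ValueError(f"{node_id} or cell {cell} already in use")
        self.nodes[node_id] = Node(node_id, kind, cell)

    def connect(self, a, b):
        """Draw a link; refuse it if either endpoint has no free port."""
        for end in (a, b):
            used = sum(end in link for link in self.links)
            if used >= COMPONENT_LIBRARY[self.nodes[end].kind]["ports"]:
                raise ValueError(f"{end} has no free port")
        self.links.append((a, b))

    def update_component(self, node_id, network=None, storage=None):
        """Second selection operation: the user edits one component's parameters."""
        node = self.nodes[node_id]
        node.network.update(network or {})
        node.storage.update(storage or {})
        node.manual = True

def auto_configure(topo, subnet="10.10.0.0/24"):
    """Engine's automatic pass: sequential addresses for addressed components and a
    default disk for components needing storage. Manually configured nodes are
    left untouched, which is exactly how an address conflict can slip in."""
    net = IPv4Network(subnet)
    hosts = net.hosts()
    gateway = str(next(hosts))
    for node in topo.nodes.values():
        if node.manual:
            continue
        spec = COMPONENT_LIBRARY[node.kind]
        if spec["addressed"]:
            node.network = {"ip": str(next(hosts)), "prefix": net.prefixlen, "gateway": gateway}
        if spec["needs_storage"]:
            node.storage = {"disk_gb": 40}

def validate(topo):
    """Checks to run before the topology becomes a virtualized networking:
    duplicate addresses, unaddressed or storage-less components, dangling nodes."""
    issues, seen = [], {}
    for node in topo.nodes.values():
        spec = COMPONENT_LIBRARY[node.kind]
        ip = node.network.get("ip")
        if spec["addressed"] and not ip:
            issues.append(f"{node.node_id}: no address configured")
        if ip in seen:
            issues.append(f"{node.node_id}: address {ip} already used by {seen[ip]}")
        elif ip:
            seen[ip] = node.node_id
        if spec["needs_storage"] and not node.storage.get("disk_gb"):
            issues.append(f"{node.node_id}: no storage configured")
        if not any(node.node_id in link for link in topo.links):
            issues.append(f"{node.node_id}: not connected to anything")
    return issues

def build_demo():
    """Constructed scene: firewall - switch - {plc, server, engineer station}."""
    topo = Topology()
    for nid, kind, cell in [("fw1", "firewall", (0, 0)), ("sw1", "switch", (1, 0)),
                            ("plc1", "plc", (2, 0)), ("srv1", "server", (2, 1)),
                            ("eng1", "engineer_station", (2, 2))]:
        topo.drop(nid, kind, cell)
    for a, b in [("fw1", "sw1"), ("sw1", "plc1"), ("sw1", "srv1"), ("sw1", "eng1")]:
        topo.connect(a, b)
    # The user pins the server's address before the automatic pass runs ...
    topo.update_component("srv1", network={"ip": "10.10.0.3", "prefix": 24, "gateway": "10.10.0.1"})
    auto_configure(topo)  # ... and the engine hands 10.10.0.3 to plc1 as well.
    return topo
```

Running `validate(build_demo())` reports the duplicate address and the missing disk on srv1; a second `update_component` call on srv1 clears both before the topology is converted.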
In one embodiment of the present application, the data exchanged by the various devices in the industrial control system built in the virtual environment is collected and displayed, where the data includes traffic data, network data and platform data.
The traffic data takes the form of data packets; the network data at least includes the network static configuration, the network real-time state and various performance data; the platform data includes proxy data, system resource information and network topology information. The data is sent to the monitoring management module, which analyzes it and sends the analysis result to the virtual environment for display.
As an example, as shown in fig. 4, the data acquisition device is connected to the physical resource layer, i.e. the computer device. The virtual environment in the physical resource layer, the cloud resource pool and the various virtual components in the simulation scene of the industrial control system send running data to the data acquisition device, for example the number of virtual components used to build the simulation environment of the industrial control system, the number of running virtual components, the virtual machine memory occupied by the simulation scene, the creation time and the usage time. The data acquisition device stores the acquired data and sends it to the monitoring management module in the virtual environment for analysis, and the data is displayed on the basis of the visual topology networking engine.
In one embodiment of the present application, performing vulnerability scanning on the virtualized topology networking to obtain a vulnerability assessment report of the industrial control system includes: installing agents or services in the virtual environment for accessing the files and processes of the virtualized topology networking, and generating the assessment report from the files and processes of the virtualized topology networking.
Fig. 5 is a flowchart of the vulnerability detection and assessment method of an industrial control system provided in the embodiment of the present application, where the scene rapid building platform 508 is shown as a front-end page, and the page includes the seven modules required for building a simulation scene, performing monitoring management and performing vulnerability detection: a virtualized connection module 501, a template management module 502, an image management module 503, a component resource module 504, a scene management module 505, a monitoring management module 506 and a vulnerability security assessment module 507.
Step 1: The application programming interface (API) is called through the address of the connected virtual environment platform to perform data docking, so that the virtual environment platform can exchange data with the virtual environment; through the virtualized connection module 501 a user can add several virtual environments by dragging, and can designate a certain virtual environment to be started and run.
Step 2: Through the template management module 502, the user manually creates a virtual machine in the virtual environment, deploys a specified operating system on it, configures environment variables in the operating system, deploys the needed software, and customizes the virtual machine into a template for users to use. The image management module 503 supports this on the basis of the existing image library, so that downloading and editing source files and uploading and configuring installation and development tools (for example, cloud-init) can be omitted; image resources can be refreshed with one click in the image management module 503, and image expansion and basic start/stop operations are supported. The component resource module 504 virtualizes the various communication entities of industrial control systems, in combination with the real scenes of different industrial control systems, to form virtualized components, and provides a component library composed of the virtualized components corresponding to the various communication entities.
Step 3: The topology of the industrial control system is built and its network is configured to form a simulation scene. The scene management module 505 effectively manages and controls computing, storage and network resources, can flexibly construct different service scenes according to actual requirements, maximizes the utilization efficiency of physical resources, and realizes fast iteration from simple to complex over multiple scenes.
Step 4: Each created simulation scene is monitored by the monitoring management module 506, including the number of components used by the simulation scene, the number of running components, the occupied virtual machine memory, the creation time and the usage time, and these are displayed. The super administrator can also enter a user's topology diagram to manage that user.
Step 5: Vulnerability scanning is performed on the virtual environment and the front end through the front-end page and the vulnerability security assessment module 507 on the scene rapid building platform, a vulnerability detection report is generated, and a corresponding modification guidance scheme is provided for researchers to modify and adjust.
Fig. 6 is a schematic diagram of a vulnerability detection apparatus 60 of an industrial control system according to an embodiment of the present application, including: an operation module 601, configured to run the virtual environment corresponding to the industrial control system to be detected in the electronic device; a construction module 602, configured to build the topology of the industrial control system in the virtual environment according to the interaction relations of the various devices of the industrial control system, where the topology reflects the network structure of the various devices of the industrial control system; a conversion module 603, which converts the topology into the virtualized topology networking; and an assessment module 604, configured to perform vulnerability scanning on the virtualized topology networking to obtain the vulnerability assessment result of the industrial control system.
In one embodiment of the present application, the vulnerability detection apparatus of the industrial control system further includes: a monitoring module 605, configured to collect the data exchanged by the various devices in the industrial control system built in the virtual environment, display the data, and monitor the various devices in the industrial control system.
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 7, the computer device 701 includes a processor 7011, a memory 7012, and a computer program 7013 that is stored in the memory 7012 and executable on the processor 7011; when the processor 7011 executes the computer program 7013, the steps of the data synchronization method in the above embodiments are implemented.
The computer device 701 may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device 701 may be a desktop, a portable computer, a network server, a palmtop, a mobile handset, a tablet, a wireless terminal device, a communication device, or an embedded device, and embodiments of the present application are not limited to the type of computer device 701. It will be appreciated by those skilled in the art that fig. 7 is merely an example of a computer device 701 and is not intended to be limiting of the computer device 701, and may include more or fewer components than shown, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.
The processor 7011 may be a central processing unit (CPU), or another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or any conventional processor.
The memory 7012 may in some embodiments be an internal storage unit of the computer device 701, such as a hard disk or memory of the computer device 701. In other embodiments the memory 7012 may be an external storage device of the computer device 701, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card provided on the computer device 701. Further, the memory 7012 may include both internal and external storage units of the computer device 701. The memory 7012 is used to store an operating system, application programs, a boot loader, data and other programs, and may also be used to temporarily store data that has been output or is to be output.
The present application also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the respective method embodiments described above.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. On this understanding, the present application implements all or part of the flow of the above-described method embodiments by means of a computer program instructing the related hardware; the computer program may be stored in a computer readable storage medium and, when executed by a processor, implements the steps of the above-described method embodiments. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer readable medium may include at least: any entity or device capable of carrying computer program code to the apparatus/terminal device, a recording medium, computer memory, read-only memory (ROM), random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and so forth. The computer readable storage medium mentioned in the present application may be a non-volatile storage medium, in other words a non-transitory storage medium.
The embodiment of the application also provides a chip, which comprises a processor, wherein the processor is coupled with a communication interface, and the processor is used for running a computer program or instructions to realize the data synchronization method according to the embodiment, and the communication interface is used for communicating with other modules outside the chip.
The embodiment of the application also provides a communication device, which comprises: the communication device comprises a communication interface and at least one processor, wherein the at least one processor is connected with the communication interface, the at least one processor is coupled with a memory, the at least one processor is used for executing instructions stored in the memory to execute the data synchronization method of the embodiment, and the communication interface is used for communicating with other modules outside the communication device.
It should be understood that all or part of the steps implementing the above-described embodiments may be realized by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product, which includes one or more computer instructions. The computer instructions may be stored in the computer-readable storage medium described above.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts not described or illustrated in detail in a particular embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in this application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the apparatus/computer device embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A vulnerability detection method of an industrial control system, wherein the method is applied to an electronic device, the method comprising:
running a virtual environment corresponding to the industrial control system to be detected in the electronic equipment;
building a topology of the industrial control system in the virtual environment according to the interaction relations of various devices in the industrial control system, acquiring virtualized components corresponding to the various devices from a cloud resource pool by using a grid canvas through a visual topology networking engine, and selecting a virtual operating system component, a virtual programmable logic controller component, a virtual switch component and a virtual firewall component from the cloud resource pool according to the actual running environment of the industrial control system;
the virtual operating system component, the virtual programmable logic controller component, the virtual switch component and the virtual firewall component are connected with the virtualized components corresponding to the various devices to obtain a topology of the industrial control system, wherein the topology is used for reflecting the connection relations between the virtualized components corresponding to the various devices of the industrial control system;
obtaining a virtualized topology networking of the industrial control system according to the topology structure;
and performing vulnerability scanning on the virtualized topology network by using a vulnerability security evaluation module to obtain a vulnerability evaluation result of the industrial control system, wherein the vulnerability evaluation result comprises the position of the vulnerability and a corresponding modification guiding scheme.
2. The method according to claim 1, wherein the method further comprises:
collecting data interacted by various devices in the industrial control system built in the virtual environment, and displaying the data;
and monitoring various devices in the industrial control system.
3. The method according to claim 1, wherein before running a virtual environment corresponding to an industrial control system to be detected in the electronic device, the method comprises:
performing virtualized cluster management on the electronic device;
creating a virtual machine according to the virtualized cluster management, and connecting the virtual machine with a plurality of virtualized components in a cloud resource pool of the electronic equipment;
address configuration is carried out on a plurality of virtualized components, and an operating system of the virtual machine is deployed;
and customizing the virtual machine and the plurality of virtualization components connected with the virtual machine into templates of one or more virtual environments through mirror image files, wherein different templates of the virtual environments correspond to different types of industrial control systems, and the templates of the one or more virtual environments are used for obtaining the virtual environments corresponding to the industrial control systems.
4. The method of claim 1, wherein the electronic device has a cloud resource pool in which one or more virtualized components are stored, building a topology of the industrial control system in the virtual environment according to interactions of various devices of the industrial control system, comprising:
responding to a first operation of a user, displaying a graphical editing interface, wherein the editing interface displays one or more identifications of the virtualized components;
detecting a first selection operation input by a user at the editing interface for a plurality of the virtualized components in the one or more virtualized components;
generating the topology structure of the industrial control system according to the selected plurality of virtualized components in response to the first selection operation;
and configuring network configuration parameters and/or storage configuration parameters of each virtualized component forming the topological structure to obtain the virtualized topological networking.
5. The method according to claim 4, wherein said configuring network configuration parameters and/or storing configuration parameters of each of said virtualized components constituting said topology results in said virtualized topology networking comprising:
displaying a plurality of the virtualized components constituting the topology;
detecting configuration operation of a user for any one of the virtualized components in the topological structure;
and updating network configuration parameters and/or storage configuration parameters of any one of the virtualized components in response to the configuration operation to obtain the virtualized topology networking.
6. The method of claim 4, wherein said configuring network configuration parameters and/or storing configuration parameters for each of said virtualized components comprising said topology results in said virtualized topology networking, said method further comprising:
and converting the topological structure into the virtualized topological networking through a visualized topological networking engine.
7. The method according to claim 2, wherein collecting the data exchanged by various devices in the industrial control system built in the virtual environment and presenting the data comprises: the data including flow data, network data and platform data, wherein the network data at least comprises network static configuration, network real-time state and various performance data;
the platform data comprises proxy data, system resource information and network topology information;
analyzing the data acquired by the data acquisition module;
the data is presented in the virtual environment.
8. The method according to any one of claims 1 to 7, wherein performing vulnerability scanning on the virtualized topology network to obtain a vulnerability assessment report of the industrial control system includes:
installing a proxy or service in the virtual environment, wherein the proxy or the service is used for accessing files and processes of the virtualized topology network;
accessing files and processes of the virtualized topology network through the proxy or service;
and generating the vulnerability assessment result according to the file and the process of the virtualized topology networking.
9. A vulnerability detection apparatus for an industrial control system, the apparatus comprising:
the operation module is used for operating the virtual environment corresponding to the industrial control system to be detected in the electronic equipment;
the construction module is used for building a topology of the industrial control system in the virtual environment according to the interaction relations of various devices of the industrial control system, acquiring virtualized components corresponding to the various devices from a cloud resource pool by using a grid canvas through a visual topology networking engine, and selecting a virtual operating system component, a virtual programmable logic controller component, a virtual switch component and a virtual firewall component from the cloud resource pool according to the actual running environment of the industrial control system;
the virtual operating system component, the virtual programmable logic controller component, the virtual switch component and the virtual firewall component are connected with the virtualized components corresponding to the various devices to obtain a topology of the industrial control system, wherein the topology is used for reflecting the network structures of the various devices of the industrial control system;
the conversion module is used for obtaining a virtualized topology networking of the industrial control system according to the topology structure;
and the vulnerability security evaluation module is used for carrying out vulnerability scanning on the virtualized topology networking to obtain a vulnerability evaluation result of the industrial control system, wherein the vulnerability evaluation result comprises the position of the vulnerability and a corresponding modification guiding scheme.
10. The apparatus of claim 9, wherein the apparatus further comprises:
and the monitoring module is used for collecting the data interacted with various devices in the industrial control system built in the virtual environment, displaying the data and monitoring various devices in the industrial control system.
CN202311476911.7A 2023-11-08 2023-11-08 Vulnerability detection method and device for industrial control system Active CN117240600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311476911.7A CN117240600B (en) 2023-11-08 2023-11-08 Vulnerability detection method and device for industrial control system

Publications (2)

Publication Number Publication Date
CN117240600A CN117240600A (en) 2023-12-15
CN117240600B true CN117240600B (en) 2024-03-19

Family

ID=89086326

Country Status (1)

Country Link
CN (1) CN117240600B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948305A (en) * 2017-12-11 2018-04-20 北京百度网讯科技有限公司 Vulnerability scanning method, apparatus, equipment and computer-readable medium
CN110098951A (en) * 2019-03-04 2019-08-06 西安电子科技大学 A kind of network-combination yarn virtual emulation based on virtualization technology and safety evaluation method and system
CN112350843A (en) * 2019-08-09 2021-02-09 烽火通信科技股份有限公司 Scene type cutting and connecting method and system based on virtual component
CN113965515A (en) * 2021-09-26 2022-01-21 杭州安恒信息技术股份有限公司 Virtualized network link visualization method, system, computer and storage medium
CN115333787A (en) * 2022-07-20 2022-11-11 烽台科技(北京)有限公司 Automatic safety testing method, system and storage medium for 5G industrial control network system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11930031B2 (en) * 2020-06-23 2024-03-12 Tenable, Inc. Distributed network based vulnerability scanning via endpoint agent deployment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant