CN106154959A - A kind of method for detecting PLC Information Security in explosive production system - Google Patents


Info

Publication number
CN106154959A
Authority
CN
China
Prior art keywords
plc
control message
production system
plc device
explosive production
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510153393.4A
Other languages
Chinese (zh)
Inventor
刘冬
刘会师
宋娟
崔颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Research Center Of Computer And Microelectronics Development Ministry Of Industry And Information Technology (china Software Testing Center)
Original Assignee
Research Center Of Computer And Microelectronics Development Ministry Of Industry And Information Technology (china Software Testing Center)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research Center Of Computer And Microelectronics Development Ministry Of Industry And Information Technology (china Software Testing Center) filed Critical Research Center Of Computer And Microelectronics Development Ministry Of Industry And Information Technology (china Software Testing Center)
Priority to CN201510153393.4A priority Critical patent/CN106154959A/en
Publication of CN106154959A publication Critical patent/CN106154959A/en
Pending legal-status Critical Current

Abstract

The invention discloses a method for detecting PLC information security in an explosive production system. The method includes: in send/receive test mode, simulating the host computer to generate a pseudo control message and issuing it to a PLC device of the explosive production system; obtaining the response information that the PLC device feeds back for the pseudo control message; and judging whether the PLC device has a security vulnerability according to the response information and the expected operation result of the pseudo control message. The invention provides multiple reference angles for detecting the security of the information uploaded by the PLC, so that security vulnerabilities in PLC information can be found quickly and a targeted direction for resolving them is provided.

Description

A kind of method for detecting PLC Information Security in explosive production system
Technical field
The present invention relates to the field of information security detection in the civil explosives industry, and specifically to a method for detecting PLC information security in an explosive production system.
Background technology
The products of the civil explosives industry are highly dangerous explosives, and safety incidents occur frequently. To improve the efficiency and production-safety level of the civil explosives industry, the state is vigorously promoting industrial explosive bulk mixing trucks. These trucks offer high production efficiency, good adaptability and strong mobility, but they are difficult to monitor, and explosive output is easily concealed or under-reported. Using bulk mixing trucks has greatly reduced the transport and storage costs of industrial explosives. However, the concealment and under-reporting driven by the high profits from selling explosives have seriously restricted the development of industrial explosive bulk mixing trucks in China. To strengthen the monitoring of bulk mixing trucks, the competent government departments have put forward the requirement to develop a "dynamic monitoring system for industrial explosive bulk mixing trucks" and are vigorously promoting it.
The bulk mixing truck dynamic monitoring system consists of an explosive production control system and a data upload system. The explosive production control system uses a PLC to control explosive production and periodically collects data such as production process parameters, production process data and explosive output, which are then uploaded through the data upload system as a reliable basis for quality analysis and for improving the production process. Whether the data uploaded by the PLC is accurate therefore directly affects the management of explosive production, and also affects how accurately the competent government departments can track bulk-mixed explosive output.
Because the accuracy of the data uploaded by the PLC in the explosive production control system depends on the PLC's information security level, a method that can detect PLC information security in explosive production is urgently needed.
Summary of the invention
To address the above problems in the prior art, the present invention provides a method for detecting PLC information security in an explosive production system, comprising:
in send/receive test mode, simulating the host computer to generate a pseudo control message and issuing it to the PLC device of the explosive production system;
obtaining the response information that the PLC device of the explosive production system feeds back for the pseudo control message;
judging whether the PLC device has a security vulnerability according to the response information and the expected operation result of the pseudo control message.
In one embodiment, the step of simulating the host computer to generate and issue the pseudo control message includes:
simulating the host computer to generate a pseudo control message in MODBUS format;
sending the pseudo control message to the PLC device through the host computer, or sending the pseudo control message directly to the PLC device.
In one embodiment, the pseudo control message is sent repeatedly at a preset time interval.
In one embodiment, the pseudo control message includes the device ID of the PLC device, a function code for controlling the PLC device, and a data quantity.
In one embodiment, when the pseudo control message is sent to the PLC device through the host computer, it is sent to the PLC device by unicast according to the device ID.
In one embodiment, the step of obtaining the response information that the PLC device feeds back for the pseudo control message includes:
extracting the response information fed back by the PLC device on the host computer, or collecting the response information directly from the PLC device.
In one embodiment, the step of judging whether the PLC device has a security vulnerability according to the response information and the expected operation result of the pseudo control message includes:
when the response information matches the expected operation result of the pseudo control message, the PLC device has a security vulnerability; otherwise, it does not.
In one embodiment, the method further includes:
cracking the password that protects the data exchanged between the host computer and the PLC device, and recording the password's characteristic information;
detecting the security level of the password based on that characteristic information.
In one embodiment, the password characteristic information includes password length, password continuity, password repetition and/or the complexity of the password's composition.
In one embodiment, the method further includes, in listening mode, monitoring the production data transmitted between the host computer and the PLC device and identifying whether the production data is plaintext or ciphertext.
The present invention provides multiple reference angles for evaluating the security of the information uploaded by the PLC. It can quickly find security vulnerabilities in PLC information and provide a targeted direction for resolving them, ensures that bulk-mixed explosive output and its progress are tracked accurately, supports monitoring of the production and transport of bulk-mixed explosives, and raises the security level of civil explosives industry products.
Other features and advantages of the present invention will be set out in the following description, and will in part become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention can be realized and obtained through the structures specifically pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the description. Together with the embodiments, they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a structural diagram of the explosive production monitoring system of an embodiment of the present invention;
Fig. 2a is a diagram of the connection between the detection instrument and the host computer in an embodiment of the present invention;
Fig. 2b is a diagram of the connection between the detection instrument and the PLC device in an embodiment of the present invention;
Fig. 3 is a flow chart of the steps of the method for detecting PLC information security in an explosive production system according to an embodiment of the present invention.
Detailed description of the invention
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
An explosive production line or emulsion explosive bulk mixing truck monitors production-site data through a host computer. As shown in Fig. 1, the explosive production monitoring system uses detection devices such as vibration sensors, temperature sensors and flowmeters to collect production data in the explosive production system and upload it to the PLC device. The PLC device controls the state, flow, temperature and so on of the equipment in the production line. The host computer implements the system's monitoring function through the PLC device and monitors the production status. For simplicity, Fig. 1 shows only one PLC device, but this does not limit the scope of the invention. In an actual production system, as many PLC devices can be installed as required.
The embodiments of the present invention provide a method for detecting PLC information security in an explosive production system, which tests the security of the communication between the host computer and the PLC device. According to the user's needs, this embodiment can simulate the host computer to generate a pseudo control message and issue it to the PLC device, and judge whether the PLC device's data upload function can be controlled and restricted by that message; in this way it tests the PLC device's ability to guard against pseudo control messages. In addition, this embodiment can crack the encryption password used between the host computer and the PLC device and assess the password's security level. More preferably, this embodiment can also monitor the communication between the PLC device and the host computer, intercept the exchanged data and transmit it to a remote server (not shown) to keep a backup.
First combine Fig. 2 a and Fig. 2 b occupation mode to detection instrument in the embodiment of the present invention to illustrate.? The serial ports of detection instrument is connected with the serial ports of host computer by Fig. 2 a, issues puppet by host computer to PLC device Control message, and on host computer, extract the response message to puppet control message for the PLC device.In figure 2b will The serial ports of detection instrument and PLC device are directly connected to, and directly issue pseudo-control message to PLC device, and adopt The response message of collection PLC device.This detection mode can detect a certain PLC in production line or bulk mixing truck in detail The security breaches that device exists.
Detection instrument in Fig. 2 a and Fig. 2 b can be operated in monitoring pattern and transmitting-receiving test pattern.
In the listen mode, detection instrument can monitor the creation data of transmission between host computer and PLC device.Logical Cross and identify that the creation data transmitting between host computer and PLC device is plaintext or ciphertext, understand plc data The safe condition of information.
Before timed listening is started, the serial port must be configured. This includes selecting the serial port number and setting the baud rate, data bit length, parity bit, stop bits and flow control format.
In a specific embodiment, serial port COM1 is selected, the baud rate defaults to 9600, with 8 data bits and 1 stop bit, and the parity bit and flow control format default to none. Preferably, the serial data format can be set to ASCII or HEX (hexadecimal).
Next, the listening time (in seconds), the maximum capacity (in KB) and the data format (hexadecimal by default) need to be set. Once listening starts, the detection instrument continuously receives and displays data from the serial port until the listening time or capacity reaches its upper limit. Listening can be paused or stopped midway if necessary. While listening is paused, the program does not receive serial data; the timer and capacity counter are frozen but their values are not cleared, and counting resumes when listening starts again. When listening is stopped, the reception and recording of serial data, the capacity count and the timing all stop immediately. In this way the required PLC transmission data can be obtained and checked for security.
The unit of listening time is seconds; the minimum is 1 and the maximum is 600, and in a specific embodiment it is preferably 60. The unit of listening capacity is kb; the minimum is 1 and the maximum is 1,024, and in a specific embodiment it is preferably 10.
In send/receive test mode, the detection instrument can both receive messages from the serial port and send messages to it, while forwarding the messages obtained from the serial port to the remote server. When memory is sufficient, the amount of data received and sent is not limited. In this mode the PLC device's ability to guard against pseudo control messages can be tested.
Whichever operating mode is selected, the serial port must be configured first, as described above. Note that the serial port settings used in a given operating mode should be consistent with the serial port settings of the other devices in the whole system.
The steps of the method of this embodiment for detecting PLC information security in an explosive production system are described in detail below with reference to Fig. 3.
First, in step S301, the host computer is simulated to generate a pseudo control message, which is issued to the PLC device of the explosive production system. Specifically, a pseudo control message in MODBUS format is generated: a pseudo control message carrying a CRC check code is built from parameters such as the device ID of the PLC device, and is used to simulate a Modbus master node (the host computer) performing read and write operations on a slave node (the PLC device).
When the pseudo control message is sent to the PLC device through the host computer as shown in Fig. 2a, it is sent to the PLC device by unicast according to the device ID.
To ensure that the pseudo control message can be delivered, the detection instrument in this embodiment can send it repeatedly at a preset time interval. When the repeat-send function is used, the time interval is preferably set in the repeat-send check box; its unit is milliseconds, the minimum is 100, the maximum is 600,000 and the default is 1000.
The pseudo control message is described in detail below. It includes information such as the device ID of the PLC device, the function code for controlling the PLC device, and the data quantity. For example, the function code can be read coil status (01), read holding registers (03), read input registers (04), force single coil (05), preset single register (06), and so on. For the device ID and function code of the PLC device to be tested, setting the start address, data quantity and check code produces the pseudo control message.
Next, in step S302, the response information that the PLC device of the explosive production system feeds back for the pseudo control message is obtained. In the connection shown in Fig. 2a, the PLC device responds to the pseudo control message and feeds the response back to the host computer, and the detection instrument extracts the response information from the host computer. In the connection shown in Fig. 2b, the response information is collected from the PLC device.
Then, in step S303, whether the PLC device has a security vulnerability is judged according to the response information and the expected operation result of the pseudo control message. Specifically, if the response information matches the expected operation result of the pseudo control message, the PLC device is judged to have a security vulnerability; otherwise, the PLC device is judged not to have one.
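The three steps above can be sketched offline on Modbus RTU frames. This is an added example, not code from the patent: the function names, the `Verdict` type, the rule that "expected operation result" means an echo for codes 05/06 and a correctly sized data block for codes 01/03/04, and the sample frames are all assumptions made here.

```python
import struct
from typing import NamedTuple

# Function codes named in the description above.
READ_COILS, READ_HOLDING, READ_INPUT = 0x01, 0x03, 0x04
FORCE_COIL, PRESET_REGISTER = 0x05, 0x06


class Verdict(NamedTuple):
    vulnerable: bool
    reason: str


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def with_crc(body: bytes) -> bytes:
    """Append the CRC low byte first, as Modbus RTU puts it on the wire."""
    return body + struct.pack("<H", crc16_modbus(body))


def build_pseudo_control(device_id: int, function: int, address: int, value: int) -> bytes:
    """S301: device ID, function code, start address, data quantity (or value), CRC."""
    return with_crc(struct.pack(">BBHH", device_id, function, address, value))


def evaluate(request: bytes, response: bytes) -> Verdict:
    """S303: the PLC is flagged only if it acted on the unauthenticated request."""
    if len(response) < 5:
        return Verdict(False, "no usable response")
    body, (crc,) = response[:-2], struct.unpack("<H", response[-2:])
    if crc16_modbus(body) != crc:
        return Verdict(False, "CRC mismatch")
    device_id, function, _address, value = struct.unpack(">BBHH", request[:6])
    if body[0] != device_id:
        return Verdict(False, "response from another device ID")
    if body[1] == function | 0x80:
        # Exception response: the PLC refused the request.
        return Verdict(False, f"exception code {body[2]:#04x}")
    if body[1] != function:
        return Verdict(False, "unexpected function code")
    if function in (FORCE_COIL, PRESET_REGISTER):
        matched = response == request              # a successful write is echoed
    elif function in (READ_HOLDING, READ_INPUT):
        matched = body[2] == 2 * value and len(body) == 3 + 2 * value
    elif function == READ_COILS:
        nbytes = (value + 7) // 8
        matched = body[2] == nbytes and len(body) == 3 + nbytes
    else:
        return Verdict(False, "function code not covered by this sketch")
    if matched:
        return Verdict(True, "response matches expected operation result")
    return Verdict(False, "response does not match expected operation result")


# Constructed sample exchange (S302), not captured from any real device.
SAMPLE_REQUEST = build_pseudo_control(0x01, PRESET_REGISTER, 0x0010, 0x0001)
SAMPLE_ACCEPTED = SAMPLE_REQUEST                       # PLC echoes the write
SAMPLE_REFUSED = with_crc(bytes([0x01, 0x86, 0x01]))   # exception response

if __name__ == "__main__":
    for name, resp in (("accepted", SAMPLE_ACCEPTED), ("refused", SAMPLE_REFUSED)):
        print(name, evaluate(SAMPLE_REQUEST, resp))
```

A PLC that answers with an exception frame or stays silent is reported as not vulnerable, which follows the "otherwise" branch of step S303.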
The method of this embodiment can selectively detect security vulnerabilities in the information of a particular PLC device, or detect security vulnerabilities in the information of all PLC devices. The PLC device information to be tested can be chosen according to the application environment and current requirements, which makes it easy for operators of the explosive production system to quickly locate PLC devices with information security vulnerabilities and prevent explosive production data from being tampered with, so that explosive production data is monitored accurately and the explosive production process is controlled.
The security detection method of this embodiment further includes cracking the password that protects the data exchanged between the host computer and the PLC device, recording the password's characteristic information, and detecting the security level of the password based on that characteristic information (this step is not shown in the figure).
Specifically, the PLC data password can be cracked using the prior art, such as a DES decryption algorithm or a brute-force algorithm, which is not described further here. The characteristic information of the cracked password is recorded, including password length, password continuity, password repetition and the complexity of the password's composition. Composition complexity covers whether the password contains letters, whether it contains both upper and lower case, and whether it contains special characters. This information can serve as the reference angles for judging the password's security level.
In the step of detecting the security level of the password based on its characteristic information, the security level is evaluated by comparing the complexity of the password's information with that of a reference password.
In one embodiment, a preset reference password is used as the comparison object. Its complexity is set to medium, and the evaluation score corresponding to this medium complexity is 60-70. The evaluation score covers six items: password length, password continuity, password repetition, whether the password contains letters, whether it contains both upper and lower case, and whether it contains special characters. Password length has a full score of 20: a password of length 6 scores 12 points, and each character more or fewer adds or deducts 3 points. Password continuity has a total of 20 points: each consecutive occurrence deducts 2 points, and so on. Password repetition has a total of 20 points: each repetition deducts 2 points. Whether the password contains letters has a total of 10 points: full marks if it contains letters, no points if it does not. Whether the password contains both upper and lower case has a total of 15 points: full marks if both cases are used, no points otherwise. Whether the password contains special characters has a total of 15 points: full marks if it does, no points if it does not.
In the comparison, if the complexity score of the PLC data password is higher than that of the reference password, the security level of the PLC data password is high; if the complexity score of the PLC data password is close to that of the reference password, the security level is medium; if the complexity score of the PLC data password is lower than that of the reference password, the security level is low.
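The six-item rubric and the comparison against the reference score can be written down directly. This is an added example, not the patent's implementation, and it fixes several points the text leaves open as assumptions: "continuity" counts adjacent ascending or descending letter or digit pairs, "repetition" counts every reuse of an already-seen character, item scores are clamped to their stated range, and "close to the reference" means inside the 60-70 band. The sample passwords are constructed.

```python
from collections import Counter

# Score band the description assigns to the medium-complexity reference password.
REFERENCE_BAND = (60, 70)


def _sequential_pairs(password: str) -> int:
    """Assumed reading of 'continuity': adjacent pairs such as '12', 'ba', 'Yz'."""
    count = 0
    for a, b in zip(password, password[1:]):
        same_class = (a.isdigit() and b.isdigit()) or (a.isalpha() and b.isalpha())
        if same_class and abs(ord(a.lower()) - ord(b.lower())) == 1:
            count += 1
    return count


def _repeats(password: str) -> int:
    """Assumed reading of 'repetition': each reuse of a character already present."""
    return sum(n - 1 for n in Counter(password).values())


def score_password(password: str) -> dict:
    """Return the per-item scores and their total (maximum 100)."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    parts = {
        # Length 6 scores 12; each character more or fewer is +/- 3, capped at 20.
        "length": max(0, min(20, 12 + 3 * (len(password) - 6))),
        # 20 points, minus 2 per sequential pair.
        "continuity": max(0, 20 - 2 * _sequential_pairs(password)),
        # 20 points, minus 2 per repeated character.
        "repetition": max(0, 20 - 2 * _repeats(password)),
        "letters": 10 if any(c.isalpha() for c in password) else 0,
        "mixed_case": 15 if has_lower and has_upper else 0,
        "special": 15 if any(not c.isalnum() for c in password) else 0,
    }
    parts["total"] = sum(parts.values())
    return parts


def grade(total: int, band: tuple = REFERENCE_BAND) -> str:
    """Above the reference band: high; inside it: medium; below it: low."""
    low, high = band
    if total > high:
        return "high"
    if total >= low:
        return "medium"
    return "low"


# Constructed sample passwords, not taken from any real system.
SAMPLES = ("123456", "plc2015x", "Tr7#kPw9x")

if __name__ == "__main__":
    for pw in SAMPLES:
        result = score_password(pw)
        print(f"{pw!r}: {result} -> {grade(result['total'])}")
```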
The evaluation result of the password security level can be provided to staff through a connected display device and/or alarm device. The display device shows all evaluation results; the alarm device raises an alarm when the evaluation result is medium or low, and separate alarms can be configured according to the level of the evaluation result.
By providing a method for detecting PLC information security in an explosive production system, the embodiments of the present invention provide multiple reference angles for evaluating the security of the information uploaded by the PLC. Security vulnerabilities in PLC information can be found quickly and a targeted direction for resolving them is provided, bulk-mixed explosive output and its progress can be tracked accurately, the production and transport of bulk-mixed explosives can be monitored, and the security level of civil explosives industry products is raised.
Although the embodiments of the present invention are disclosed above, the content described is only an embodiment adopted to aid understanding of the invention and is not intended to limit it. Any person skilled in the technical field of the invention may make modifications and changes to the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention remains as defined by the appended claims.

Claims (10)

1. A method for detecting PLC information security in an explosive production system, characterized by comprising:
in send/receive test mode, simulating the host computer to generate a pseudo control message and issuing it to the PLC device of the explosive production system;
obtaining the response information that the PLC device of the explosive production system feeds back for the pseudo control message;
judging whether the PLC device has a security vulnerability according to the response information and the expected operation result of the pseudo control message.
2. The method for detecting PLC information security in an explosive production system as claimed in claim 1, characterized in that the step of simulating the host computer to generate and issue the pseudo control message comprises:
simulating the host computer to generate a pseudo control message in MODBUS format;
sending the pseudo control message to the PLC device through the host computer, or sending the pseudo control message directly to the PLC device.
3. The method for detecting PLC information security in an explosive production system as claimed in claim 2, characterized in that the pseudo control message is sent repeatedly at a preset time interval.
4. The method for detecting PLC information security in an explosive production system as claimed in claim 2, characterized in that the pseudo control message includes the device ID of the PLC device, a function code for controlling the PLC device, and a data quantity.
5. The method for detecting PLC information security in an explosive production system as claimed in claim 4, characterized in that,
when the pseudo control message is sent to the PLC device through the host computer, it is sent to the PLC device by unicast according to the device ID.
6. The method for detecting PLC information security in an explosive production system as claimed in claim 2, characterized in that the step of obtaining the response information that the PLC device feeds back for the pseudo control message comprises:
extracting the response information fed back by the PLC device on the host computer, or collecting the response information directly from the PLC device.
7. The method for detecting PLC information security in an explosive production system as claimed in claim 1, characterized in that the step of judging whether the PLC device has a security vulnerability according to the response information and the expected operation result of the pseudo control message comprises:
when the response information matches the expected operation result of the pseudo control message, the PLC device has a security vulnerability; otherwise, it does not.
8. The method for detecting PLC information security in an explosive production system as claimed in any one of claims 1 to 7, characterized by further comprising:
cracking the password that protects the data exchanged between the host computer and the PLC device, and recording the password's characteristic information;
detecting the security level of the password based on that characteristic information.
9. The method for detecting PLC information security in an explosive production system as claimed in claim 8, characterized in that the password characteristic information includes password length, password continuity, password repetition and/or the complexity of the password's composition.
10. The method for detecting PLC information security in an explosive production system as claimed in any one of claims 1 to 7, characterized by further comprising: in listening mode, monitoring the production data transmitted between the host computer and the PLC device, and identifying whether the production data is plaintext or ciphertext.
CN201510153393.4A 2015-04-02 2015-04-02 A kind of method for detecting PLC Information Security in explosive production system Pending CN106154959A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510153393.4A CN106154959A (en) 2015-04-02 2015-04-02 A kind of method for detecting PLC Information Security in explosive production system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510153393.4A CN106154959A (en) 2015-04-02 2015-04-02 A kind of method for detecting PLC Information Security in explosive production system

Publications (1)

Publication Number Publication Date
CN106154959A true CN106154959A (en) 2016-11-23

Family

ID=57338125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510153393.4A Pending CN106154959A (en) 2015-04-02 2015-04-02 A kind of method for detecting PLC Information Security in explosive production system

Country Status (1)

Country Link
CN (1) CN106154959A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161123
