CN107835189A - A kind of bug excavation method and system - Google Patents
A kind of bug excavation method and system Download PDFInfo
- Publication number
- CN107835189A CN107835189A CN201711213283.8A CN201711213283A CN107835189A CN 107835189 A CN107835189 A CN 107835189A CN 201711213283 A CN201711213283 A CN 201711213283A CN 107835189 A CN107835189 A CN 107835189A
- Authority
- CN
- China
- Prior art keywords
- image
- status image
- bug excavation
- abnormality
- control system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
This application discloses a kind of bug excavation method and system, method includes:After test case is sent to system under test (SUT), the status image of acquisition monitoring object, the status image is compared with pre-stored image, and determines that industrial control system whether there is abnormality according to comparison result, in the case where abnormality be present, analysis determines abnormal cause.The bug excavation method and system are by gathering the image of special object in industrial control system, and the image of special object is compared with the object images under the normal condition to prestore, judge that industrial control system whether there is abnormality and abnormal cause.The implementation process of this method is not influenceed by procotol complexity and business are multifarious, compared to the technology that prior art analyzes the abnormal leak of communication return bag determination, polytype network and system vulnerability can be effectively found, improves the bug excavation quality of industrial control system.
Description
Technical field
The present invention relates to technical field of network security, is to be related to a kind of bug excavation method and system in particular.
Background technology
Industrial control system refers to the automatic control system being made up of computer and industrial stokehold part, at present
Develop into it is a kind of including enterprise management level, data acquisition information layer, Industry Control layer industrial control system.With computer
The continuous development of information technology and network technology, industrial control system save management cost and improve operating efficiency while,
There is also many potential safety hazards, such as platform leak, network hole.
In order to ensure the network of industrial control system and system safety, it is necessary to prevent trouble before it happens, industrial control system is entered
The bug excavation of row active.Fuzz testing technology is the bug excavation technology of current main flow, and its realization device generally comprises initially
Setup module, data generation subsystem, data transmit-receive subsystem and anomaly analysis subsystem.Wherein, initial setup module is used for
Initialized necessary to each subsystem;Data generation subsystem is used to generate test case number according to the expression specification of agreement
According to;Data transmit-receive subsystem is used to send to measurand test case data according to the communication specification of agreement and to receive its anti-
Feedforward information communicates and returns to bag;Anomaly analysis subsystem is used to analyze to realize bug excavation communication return bag.
But by analyzing the information for communicating and returning in bag, many leaks can't find, and in industrial control system
The complexity of procotol and the diversity of business, further increase anomaly analysis subsystem and return to discovery leakage in bag from communication
The difficulty in hole.These problems cause prior art undesirable to the effect of industrial control system progress bug excavation.
The content of the invention
In view of this, the invention provides a kind of bug excavation method and system, to lift the digging of industrial control system leak
The effect of pick.
A kind of bug excavation method, including:
After test case is sent to system under test (SUT), the status image of acquisition monitoring object;
The status image is compared with pre-stored image;
Determine that industrial control system whether there is abnormality according to comparison result;
In the case of it is determined that abnormality be present, analysis determines abnormal cause.
Optionally, the status image of the acquisition monitoring object, including:
According to the status image for the frequency collection monitored object that test case is sent to system under test (SUT).
Optionally, it is described the status image is compared with pre-stored image before, in addition to:
The status image is pre-processed.
Optionally, it is described that the status image is compared with pre-stored image, including:
The status image is subjected to gray processing processing, obtains grey states image;
The grey states image is compared with the normal gray level image to prestore.
Optionally, it is described to determine that industrial control system whether there is abnormality according to comparison result, including:
If the gray value difference of the grey states image and the normal gray level image to prestore is less than the first predetermined threshold value, really
It is normal to determine industrial control system;
If it is default that the gray value difference of the grey states image and the normal gray level image to prestore is more than or equal to first
Threshold value, determine industrial control system exception.
Optionally, it is described that the status image is compared with pre-stored image, including:
Neural-network learning model is built according to the characteristic index of things in the status image;
The weighted value of all characteristic indexs is determined by the machine learning to the neutral net;
The target value of the status image is determined according to the weighted value of each characteristic index;
The target value is compared with the second predetermined threshold value.
Optionally, it is described to determine that industrial control system whether there is abnormality according to comparison result, including:
If the target value is less than second predetermined threshold value, industrial control system exception is determined;
If the target value is more than or equal to second predetermined threshold value, determine that industrial control system is normal.
Optionally, the monitored object includes device signal lamp and host computer screen, then described it is determined that in the presence of abnormal shape
In the case of state, analysis determines abnormal cause, including:
In the case of it is determined that abnormality be present, by by the status image of the device signal lamp and the signal that prestores
Lamp abnormal image compares determination abnormal cause;Or,
Processing is identified by the word in the status image to host computer screen, analysis determines abnormal cause.
A kind of bug excavation system, including initial setup module, data generation system, data receiving-transmitting system and anomaly analysis
System, the exception analysis system include:
Image capture module, for system under test (SUT) send test case after, the status image of acquisition monitoring object;
Anomaly judge module, for the status image to be compared with pre-stored image, and according to comparison result
Determine that industrial control system whether there is abnormality;
Abnormal cause determining module, in the case of being in the judged result of the anomaly judge module, point
Analysis determines abnormal cause.
Optionally, the exception analysis system also includes:
Initialization module, for being initialized to the exception analysis system.
Optionally, the exception analysis system also includes:
Image pre-processing module, for before the anomaly judge module is judged the status image,
The status image is pre-processed.
The embodiment of the invention discloses a kind of bug excavation method and system, method includes:Surveyed being sent to system under test (SUT)
After example on probation, the status image of acquisition monitoring object, the status image is compared with pre-stored image, and tied according to comparing
Fruit determines that industrial control system whether there is abnormality, and in the case where abnormality be present, analysis determines abnormal cause.Institute
Bug excavation method and system are stated by gathering the image of special object in industrial control system, and by the image of special object with
Object images under the normal condition to prestore are compared, and judge that industrial control system whether there is abnormality and exception
Reason.The implementation process of this method is not influenceed by procotol complexity and business are multifarious, is analyzed compared to prior art
Communication returns to the technology that bag determines abnormal leak, can effectively find polytype network and system vulnerability, improves industry control
The bug excavation quality of system processed.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis
The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is the flow chart of the first bug excavation method disclosed in the embodiment of the present invention;
Fig. 2 is the flow chart of second of bug excavation method disclosed in the embodiment of the present invention;
Fig. 3 is the flow chart of the third bug excavation method disclosed in the embodiment of the present invention;
Fig. 4 is the structural representation of bug excavation system disclosed in the embodiment of the present invention;
Fig. 5 is the structural representation of exception analysis system disclosed in the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of protection of the invention.
Fig. 1 is the flow chart of the first bug excavation method disclosed in the embodiment of the present invention, as shown in figure 1, methods described
It can include:
Step 101:After test case is sent to system under test (SUT), the status image of acquisition monitoring object.
For bug excavation system on startup, it is necessary to carry out initialization operation, initialization content includes but is not limited to deformity
The contents such as the initialization of initialization, the daily record of data, anomaly analysis initial setting up.After the completion of bug excavation system initialization, it is
System can combine lopsided database generation test case data according to the expression specification of the communication protocol of industrial control system, then be
The test case data is sent to tested industrial control system and receives its feedback information by system according to the specification of communication protocol.
Some feedback informations of industrial test system can be embodied by specific equipment, as equipment state lamp, on
Position machine screen and industry control test instrumentation.At this moment, can using the equipment state lamp, host computer screen and industry control test instrumentation as
Monitored object, the status image of these monitored object is gathered, subsequently through the Treatment Analysis to the status image, it is determined that industrial
Control system whether there is abnormal conditions.
In a schematical example, the status image of the acquisition monitoring object, it can include:According to tested system
System sends the status image of the frequency collection monitored object of test case.Different test cases may be used for testing different leakages
Hole, and these different test cases are not disposably to be sent to system under test (SUT).Under normal circumstances, different test cases can
With according to specific time interval, sent with cycle regular time, to ensure after test case is sent to system under test (SUT),
Have sufficient time to gather the feedback information of system under test (SUT), these feedback informations will be embodied on above-mentioned monitored object.
Step 102:The status image is compared with pre-stored image.
, it is necessary to prestore monitored object in bug excavation system before bug excavation is carried out to industrial control system
Normal condition image and can gather or obtainable abnormality image.Above-mentioned normal condition image and abnormality image can
To pass through the image for gathering and storing when the collection of the camera of monitored object site layout project or system work before.
Due to the difference of monitored object type, the particular technique hand that the status image and the pre-stored image use is compared
Section is also different.In the following embodiments, the specific implementation for comparing the status image and the pre-stored image will be done in detail
Introduce.
Step 103:Determine that industrial control system whether there is abnormality according to comparison result.
, can be normal with prestoring by the status image when specifically comparing the status image and the pre-stored image
Status image is compared, if alignment parameters difference is less than normal predetermined threshold value, normally compares successfully, and comparison result is monitoring
Obj State is normal;Normal to compare failure if alignment parameters difference is more than or equal to normal predetermined threshold value, comparison result is prison
It is abnormal to control Obj State.
The status image can also be compared with the abnormality to prestore image, if alignment parameters difference is less than different
Normal predetermined threshold value, then for anomaly ratio to success, comparison result is monitored object abnormal state.
Step 104:In the case of it is determined that abnormality be present, analysis determines abnormal cause.
Under certain situation, the abnormality image can carry label information, the label information when prestoring
In can include Exception Type, as equipment state lamp be normally green lamp, in communication protocol mistake or communication failure
In the case of, equipment state lamp is red, then the label information can be " communication protocol mistake ";Subsequently carrying out leak digging
During pick, if by relevant art analyze the equipment state lamp status image it is identical with above-mentioned abnormality image when,
When i.e. equipment state lamp is red, then the equipment state lamp abnormal state is judged, and further can be prestored according to
The label information of abnormality image determines that abnormal cause is " communication protocol mistake ".
In the case of other, when it is determined that industrial control system has abnormality, it is necessary to by being carried out to status image
Analysis can determine abnormal cause.Such as host computer screen display " I/O mistakes ", it is determined that the industrial control system is abnormal
In the case of, " I/O mistakes " font in the status image of the host computer screen can be identified by character recognition technology,
Determine abnormal cause.
Specifically, the analysis determines abnormal cause, can include:In the case of it is determined that abnormality be present, pass through
By the status image of the device signal lamp compared with the signal lamp abnormal image to prestore determination abnormal cause, or, by upper
Processing is identified in word in the status image of position machine screen, and analysis determines abnormal cause.
In the present embodiment, the implementation process of the bug excavation method is not multifarious by procotol complexity and business
Influence, analyze to communicate with returning compared to prior art and wrap the technology for determining abnormal leak, can effectively find polytype net
Network and system vulnerability, improve the bug excavation quality of industrial control system.
In other examples, can also be pre- before the status image is compared with the pre-stored image
First the status image is pre-processed.Although the environment residing for the monitored object is controllable, because the environment bar such as light
The change of part, the status image can be pre-processed first after status image is collected.It is described in the present embodiment
Pretreatment can with but be not limited to include:The contents such as image filtering, denoising, image enhaucament.
Fig. 2 is the flow chart of second of bug excavation method disclosed in the embodiment of the present invention, as shown in Fig. 2 methods described
It can include:
Step 201:After test case is sent to system under test (SUT), the status image of acquisition monitoring object.
Step 202:The status image is subjected to gray processing processing, obtains grey states image.
Step 203:The grey states image is compared with the normal gray level image to prestore.
Step 204:Judge whether the gray value difference of normal gray level image of the grey states image with prestoring is less than
First predetermined threshold value;If so, into step 205;If it is not, into step 206.
Step 205:Determine that industrial control system is normal.
Step 206:Industrial control system exception is determined, into step 207.
Step 207:Analysis determines abnormal cause.
Fig. 3 is the flow chart of the third bug excavation method disclosed in the embodiment of the present invention, as shown in figure 3, methods described
It can include:
Step 301:After test case is sent to system under test (SUT), the status image of acquisition monitoring object.
Step 302:Neural-network learning model is built according to the characteristic index of things in the status image.
Wherein, the characteristic index can with but be not limited to the indexs such as color, shape, texture.Pass through the neutral net
Learning model, it can accurately identify the status image.
Step 303:The weighted value of all characteristic indexs is determined by the machine learning to the neutral net.
Can by a large amount of training to the neural-network learning model, namely machine learning, draw color, shape,
Weighted value of the Texture eigenvalue index in the neural-network learning model.
Step 304:The target value of the status image is determined according to the weighted value of each characteristic index.
The weighted value of various features index is determined by neural-network learning model above, according to the weight
Value, using certain algorithm, such as bayesian algorithm, the target value of the status image can be calculated.
Step 305;The target value is compared with the second predetermined threshold value.
Step 306:Judge whether the target value is less than second predetermined threshold value, if so, into step 307;If
It is no, into step 309.
Step 307:Industrial control system exception is determined, into step 308.
Step 308:Analysis determines abnormal cause.
Step 309:Determine that industrial control system is normal.
Fig. 2 and Fig. 3 corresponds to embodiment and discloses the particular content that the status image is compared with pre-stored image.It is above-mentioned
Bug excavation method disclosed in embodiment, implementation process are not influenceed by procotol complexity and business are multifarious, compared to
Prior art analysis communication returns to the technology that bag determines abnormal leak, can effectively find polytype network and system leakage
Hole, improve the bug excavation quality of industrial control system.
Fig. 4 is the structural representation of bug excavation system disclosed in the embodiment of the present invention, as shown in figure 4, the leak is dug
Pick system 40 can include:
Initial setup module 401, data generation system 402, data receiving-transmitting system 403 and exception analysis system 404.
Wherein, the initial setup module 401 is used to initialize necessary to each subsystem;The data generation system
System 402 is used to generate test case data according to the expression specification of agreement;The data receiving-transmitting system 403 is used for according to agreement
Communication specification test case data send to measurand and receive its feedback information i.e. communicate return bag;The anomaly analysis
System 404 is used to realize bug excavation.
The exception analysis system 404 can include:
Image capture module 4041, for system under test (SUT) send test case after, the state diagram of acquisition monitoring object
Picture.
For bug excavation system on startup, it is necessary to carry out initialization operation, initialization content includes but is not limited to deformity
The contents such as the initialization of initialization, the daily record of data, anomaly analysis initial setting up.After the completion of bug excavation system initialization, it is
System can combine lopsided database generation test case data according to the expression specification of the communication protocol of industrial control system, then be
The test case data is sent to tested industrial control system and receives its feedback information by system according to the specification of communication protocol.
Some feedback informations of industrial test system can be embodied by specific equipment, as equipment state lamp, on
Position machine screen and industry control test instrumentation.At this moment, can using the equipment state lamp, host computer screen and industry control test instrumentation as
Monitored object, the status image of these monitored object is gathered, subsequently through the Treatment Analysis to the status image, it is determined that industrial
Control system whether there is abnormal conditions.
In a schematical example, described image acquisition module 4041 specifically can be used for:According to system under test (SUT)
Send the status image of the frequency collection monitored object of test case.Different test cases may be used for testing different leakages
Hole, and these different test cases are not disposably to be sent to system under test (SUT).Under normal circumstances, different test cases can
With according to specific time interval, sent with cycle regular time, to ensure after test case is sent to system under test (SUT),
Have sufficient time to gather the feedback information of system under test (SUT), these feedback informations will be embodied on above-mentioned monitored object.
Anomaly judge module 4042, for the status image to be compared with pre-stored image, and according to comparison
As a result determine that industrial control system whether there is abnormality.
, it is necessary to prestore monitored object in bug excavation system before bug excavation is carried out to industrial control system
Normal condition image and can gather or obtainable abnormality image.Above-mentioned normal condition image and abnormality image can
To pass through the image for gathering and storing when the collection of the camera of monitored object site layout project or system work before.
Due to the difference of monitored object type, the particular technique hand that the status image and the pre-stored image use is compared
Section is also different.Such as, in one embodiment, the anomaly judge module 4042 can be used for:The status image is entered
The processing of row gray processing, obtains grey states image;The grey states image is compared with the normal gray level image to prestore;
If the gray value difference of the grey states image and the normal gray level image to prestore is less than the first predetermined threshold value, it is determined that industry control
System processed is normal, otherwise determines that industrial control system is abnormal.In other one embodiment, the anomaly judge module
4042 can be used for:Neural-network learning model is built according to the characteristic index of things in the status image;By to described
The machine learning of neutral net determines the weighted value of all characteristic indexs;The shape is determined according to the weighted value of each characteristic index
The target value of state image;The target value is compared with the second predetermined threshold value;If the target value is less than described
Second predetermined threshold value, determines industrial control system exception, otherwise determines that industrial control system is normal.
, can be normal with prestoring by the status image when specifically comparing the status image and the pre-stored image
Status image is compared, if alignment parameters difference is less than normal predetermined threshold value, normally compares successfully, and comparison result is monitoring
Obj State is normal;Normal to compare failure if alignment parameters difference is more than or equal to normal predetermined threshold value, comparison result is prison
It is abnormal to control Obj State.
The status image can also be compared with the abnormality to prestore image, if alignment parameters difference is less than different
Normal predetermined threshold value, then for anomaly ratio to success, comparison result is monitored object abnormal state.
Abnormal cause determining module 4043, for the situation for being yes in the judged result of the anomaly judge module
Under, analysis determines abnormal cause.
Under certain situation, the abnormality image can carry label information, the label information when prestoring
In can include Exception Type, as equipment state lamp be normally green lamp, in communication protocol mistake or communication failure
In the case of, equipment state lamp is red, then the label information can be " communication protocol mistake ";Subsequently carrying out leak digging
During pick, if by relevant art analyze the equipment state lamp status image it is identical with above-mentioned abnormality image when,
When i.e. equipment state lamp is red, then the equipment state lamp abnormal state is judged, and further can be prestored according to
The label information of abnormality image determines that abnormal cause is " communication protocol mistake ".
In the case of other, when it is determined that industrial control system has abnormality, it is necessary to by being carried out to status image
Analysis can determine abnormal cause.Such as host computer screen display " I/O mistakes ", it is determined that the industrial control system is abnormal
In the case of, " I/O mistakes " font in the status image of the host computer screen can be identified by character recognition technology,
Determine abnormal cause.
Specifically, the abnormal cause determining module 4043 can be used for:In the case of it is determined that abnormality be present, lead to
The determination abnormal cause compared with the signal lamp abnormal image to prestore is crossed the status image of the device signal lamp, or, by right
Processing is identified in word in the status image of host computer screen, and analysis determines abnormal cause.
In the present embodiment, the implementation process of the bug excavation system is not multifarious by procotol complexity and business
Influence, analyze to communicate with returning compared to prior art and wrap the technology for determining abnormal leak, can effectively find polytype net
Network and system vulnerability, improve the bug excavation quality of industrial control system.
Fig. 5 be exception analysis system disclosed in the embodiment of the present invention structural representation, shown in Figure 5, the exception
Analysis system 50 can include:
Initialization module 501, for being initialized to the exception analysis system.
Image capture module 4041, for system under test (SUT) send test case after, the state diagram of acquisition monitoring object
Picture.
Image pre-processing module 502, for carrying out judging it to the status image in the anomaly judge module
Before, the status image is pre-processed.
Before the status image is compared with the pre-stored image, the status image can also be entered in advance
Row pretreatment.Although the environment residing for the monitored object is controllable, because the change of the environmental condition such as light, can gathered
To after status image, the status image is pre-processed first.In the present embodiment, the pretreatment can with but be not limited to
Including:The contents such as image filtering, denoising, image enhaucament.
Anomaly judge module 4042, for the status image to be compared with pre-stored image, and according to comparison
As a result determine that industrial control system whether there is abnormality.
Abnormal cause determining module 4043, for the situation for being yes in the judged result of the anomaly judge module
Under, analysis determines abnormal cause.
In the present embodiment, the exception analysis system to status image before analysis judgement is carried out, first to the state
Image is pre-processed, and is easy to subsequently accurately identify the things in the status image, to carry out accurately and effectively bug excavation.
The bug excavation system is not influenceed by procotol complexity and business are multifarious in implementation process, compared to existing skill
Art analysis communication returns to the technology that bag determines abnormal leak, can effectively find polytype network and system vulnerability, improve
The bug excavation quality of industrial control system.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight
Point explanation is all difference with other embodiment, between each embodiment identical similar part mutually referring to.
The foregoing description of the disclosed embodiments, professional and technical personnel in the field are enable to realize or using the present invention.
A variety of modifications to these embodiments will be apparent for those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, it is of the invention
The embodiments shown herein is not intended to be limited to, and is to fit to and principles disclosed herein and features of novelty phase one
The most wide scope caused.
Claims (11)
- A kind of 1. bug excavation method, it is characterised in that including:After test case is sent to system under test (SUT), the status image of acquisition monitoring object;The status image is compared with pre-stored image;Determine that industrial control system whether there is abnormality according to comparison result;In the case of it is determined that abnormality be present, analysis determines abnormal cause.
- 2. bug excavation method according to claim 1, it is characterised in that the status image of the acquisition monitoring object, Including:According to the status image for the frequency collection monitored object that test case is sent to system under test (SUT).
- 3. bug excavation method according to claim 1, it is characterised in that described by the status image and the figure that prestores Before picture is compared, in addition to:The status image is pre-processed.
- 4. bug excavation method according to claim 1, it is characterised in that described by the status image and pre-stored image It is compared, including:The status image is subjected to gray processing processing, obtains grey states image;The grey states image is compared with the normal gray level image to prestore.
- 5. bug excavation method according to claim 4, it is characterised in that described that Industry Control is determined according to comparison result System whether there is abnormality, including:If the gray value difference of the grey states image and the normal gray level image to prestore is less than the first predetermined threshold value, work is determined Industry control system is normal;If the gray value difference of the grey states image and the normal gray level image to prestore is more than or equal to the first predetermined threshold value, Determine industrial control system exception.
- 6. bug excavation method according to claim 1, it is characterised in that described by the status image and pre-stored image It is compared, including:Neural-network learning model is built according to the characteristic index of things in the status image;The weighted value of all characteristic indexs is determined by the machine learning to the neutral net;The target value of the status image is determined according to the weighted value of each characteristic index;The target value is compared with the second predetermined threshold value.
- 7. bug excavation method according to claim 6, it is characterised in that described that Industry Control is determined according to comparison result System whether there is abnormality, including:If the target value is less than second predetermined threshold value, industrial control system exception is determined;If the target value is more than or equal to second predetermined threshold value, determine that industrial control system is normal.
- 8. bug excavation method according to claim 1, it is characterised in that the monitored object include device signal lamp and Host computer screen, then described in the case of it is determined that abnormality be present, analysis determines abnormal cause, including:In the case of it is determined that abnormality be present, by the way that the status image of the device signal lamp and the signal lamp that prestores is different Normal image compares determination abnormal cause;Or,Processing is identified by the word in the status image to host computer screen, analysis determines abnormal cause.
- 9. a kind of bug excavation system, including initial setup module, data generation system, data receiving-transmitting system and anomaly analysis system System, it is characterised in that the exception analysis system includes:Image capture module, for system under test (SUT) send test case after, the status image of acquisition monitoring object;Anomaly judge module, for the status image to be compared with pre-stored image, and determined according to comparison result Industrial control system whether there is abnormality;Abnormal cause determining module, in the case of being in the judged result of the anomaly judge module, analysis is true Determine abnormal cause.
- 10. bug excavation system according to claim 9, it is characterised in that the exception analysis system also includes:Initialization module, for being initialized to the exception analysis system.
- 11. bug excavation system according to claim 9, it is characterised in that the exception analysis system also includes:Image pre-processing module, for before the anomaly judge module is judged the status image, to institute Status image is stated to be pre-processed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711213283.8A CN107835189A (en) | 2017-11-28 | 2017-11-28 | A kind of bug excavation method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711213283.8A CN107835189A (en) | 2017-11-28 | 2017-11-28 | A kind of bug excavation method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107835189A true CN107835189A (en) | 2018-03-23 |
Family
ID=61646215
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711213283.8A Pending CN107835189A (en) | 2017-11-28 | 2017-11-28 | A kind of bug excavation method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107835189A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109631784A (en) * | 2018-11-27 | 2019-04-16 | 彩虹(合肥)液晶玻璃有限公司 | Glass substrate detection system and method |
| CN112257075A (en) * | 2020-11-11 | 2021-01-22 | 福建有度网络安全技术有限公司 | System vulnerability detection method, device, equipment and storage medium under intranet environment |
| CN112653693A (en) * | 2020-12-21 | 2021-04-13 | 哈尔滨工大天创电子有限公司 | Industrial control protocol analysis method and device, terminal equipment and readable storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101566656A (en) * | 2008-04-25 | 2009-10-28 | 佛山市顺德区顺达电脑厂有限公司 | System and method for automatic detection |
| CN103473558A (en) * | 2013-09-04 | 2013-12-25 | 深圳先进技术研究院 | Image recognizing method and system based on neural network |
| CN104698399A (en) * | 2014-08-26 | 2015-06-10 | 安徽工程大学 | Automotive lamp fault detecting system and method thereof |
| CN105100732A (en) * | 2015-08-26 | 2015-11-25 | 深圳市银之杰科技股份有限公司 | Machine room server remote monitoring method and system |
| US9430629B1 (en) * | 2014-01-24 | 2016-08-30 | Microstrategy Incorporated | Performing biometrics in uncontrolled environments |
| US20170318162A1 (en) * | 2016-04-27 | 2017-11-02 | Kyocera Document Solutions Inc. | Image-forming device with document reading unit |
| CN107360171A (en) * | 2017-07-19 | 2017-11-17 | 成都明得科技有限公司 | Industrial control system information security test device and method based on status lamp detection |
-
2017
- 2017-11-28 CN CN201711213283.8A patent/CN107835189A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101566656A (en) * | 2008-04-25 | 2009-10-28 | 佛山市顺德区顺达电脑厂有限公司 | System and method for automatic detection |
| CN103473558A (en) * | 2013-09-04 | 2013-12-25 | 深圳先进技术研究院 | Image recognizing method and system based on neural network |
| US9430629B1 (en) * | 2014-01-24 | 2016-08-30 | Microstrategy Incorporated | Performing biometrics in uncontrolled environments |
| CN104698399A (en) * | 2014-08-26 | 2015-06-10 | 安徽工程大学 | Automotive lamp fault detecting system and method thereof |
| CN105100732A (en) * | 2015-08-26 | 2015-11-25 | 深圳市银之杰科技股份有限公司 | Machine room server remote monitoring method and system |
| US20170318162A1 (en) * | 2016-04-27 | 2017-11-02 | Kyocera Document Solutions Inc. | Image-forming device with document reading unit |
| CN107360171A (en) * | 2017-07-19 | 2017-11-17 | 成都明得科技有限公司 | Industrial control system information security test device and method based on status lamp detection |
Non-Patent Citations (1)
| Title |
|---|
| 孙超等: ""基于图像识别的电台直播机房视频监控系统"", 《东南传播》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109631784A (en) * | 2018-11-27 | 2019-04-16 | 彩虹(合肥)液晶玻璃有限公司 | Glass substrate detection system and method |
| CN112257075A (en) * | 2020-11-11 | 2021-01-22 | 福建有度网络安全技术有限公司 | System vulnerability detection method, device, equipment and storage medium under intranet environment |
| CN112653693A (en) * | 2020-12-21 | 2021-04-13 | 哈尔滨工大天创电子有限公司 | Industrial control protocol analysis method and device, terminal equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102321765B1 (en) | Display device quality inspection method, device, electronic device and storage medium | |
| CN107835189A (en) | A kind of bug excavation method and system | |
| US20150039543A1 (en) | Feature Based Three Stage Neural Network Intrusion Detection | |
| US11336675B2 (en) | Cyber resilience chaos stress testing | |
| CN111931179B (en) | Cloud malicious program detection system and method based on deep learning | |
| CN104391797A (en) | GUI (graphical user interface) widget identification method and device | |
| CN106101130A (en) | A kind of network malicious data detection method, Apparatus and system | |
| CN106445817A (en) | Test data processing method, apparatus and system | |
| CN110135166A (en) | A kind of detection method and system for the attack of service logic loophole | |
| CN112180285B (en) | Method and device for identifying traffic signal lamp faults, navigation system and road side equipment | |
| CN112798979A (en) | System and method for detecting state of grounding wire of transformer substation based on deep learning technology | |
| CN109743286A (en) | A kind of IP type mark method and apparatus based on figure convolutional neural networks | |
| CN111949992A (en) | Automatic safety monitoring method and system for WEB application program | |
| EP4009586A1 (en) | A system and method for automatically neutralizing malware | |
| Tong et al. | Improving accuracy of automatic optical inspection with machine learning | |
| CN113703637A (en) | Inspection task coding method and device, electronic equipment and computer storage medium | |
| KR100676574B1 (en) | Security hole diagnosis system | |
| Cucinotta et al. | Behavioral analysis for virtualized network functions: A som-based approach | |
| CN112132092A (en) | Fire extinguisher and fire blanket identification method based on convolutional neural network | |
| CN116069665A (en) | Application testing method and device, electronic equipment and computer readable storage medium | |
| KR102555371B1 (en) | System and method of detection anomalous signs in smart factory using M-SVDD | |
| CN113569255A (en) | Vulnerability detection method and device based on background RPC interface | |
| CN107948385A (en) | A kind of method and apparatus of fault detect | |
| CN106773719A (en) | A kind of industrial control system leak automatic mining method based on BP neural network | |
| CN110222813A (en) | Run method, equipment and the computer program of the vehicle at least partly automated |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180323 |
|
| RJ01 | Rejection of invention patent application after publication |