CN109613899A - A method of the industrial control system security risk assessment based on allocation list - Google Patents
A method of the industrial control system security risk assessment based on allocation list Download PDFInfo
- Publication number
- CN109613899A CN109613899A CN201811575235.8A CN201811575235A CN109613899A CN 109613899 A CN109613899 A CN 109613899A CN 201811575235 A CN201811575235 A CN 201811575235A CN 109613899 A CN109613899 A CN 109613899A
- Authority
- CN
- China
- Prior art keywords
- management
- engine
- industrial control
- database
- assets
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
- G05B19/41875—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by quality surveillance of production
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/32—Operator till task planning
- G05B2219/32368—Quality control
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The present invention relates to the safe security risk assessment of industrial control system and configuration verification field technical field, in particular to the method for a kind of industrial control system security risk assessment based on allocation list, using following steps: step 1: building kernel scheduling engine, database group, engine library, industry control assets information library are established, industry security Configuration baseline checking tool is formed;Step 2: the database group in step 1 is by industry control agreement, equipment, software database, industry control vulnerability scan, key scan instruction database composition;It is for industrial control equipment, the network equipment, industry control application, service, the component etc. for constituting industrial control system, and the components such as industrial control system information technoloy equipment, operating system, database for generalling use carry out assets detection, configuration security baseline is verified, Hole Detection, realize quickly detection, it was found that loophole, so as to quickly obtain testing result, security risk existing for baseline configuration is found.
Description
Technical field
The present invention relates to the safe security risk assessment of industrial control system and configuration verification field, are related to a kind of based on configuration
The method of the industrial control system security risk assessment of table.
Background technique
Modern industry infrastructure includes electric power, oil and gas, chemical industry, water conservancy, industry manufacture and traffic control etc.
Key industry constitutes the important foundation of Chinese national economy, modern society and national security.It is crucial in industrial infrastructure
It may cause casualties, serious economic loss, infrastructure using the failure of, system to be destroyed, environmental disaster, jeopardize public affairs
All living creatures' work and national security etc..
Industrial control system constitutes the nervous system of modern industry infrastructure.Traditionally, industrial control system is mostly
It using the close network of special technology, does not interconnect externally, the information security threats faced do not protrude.Correspondingly, respectively
Kind industrial control equipment, application, system, communication protocol are all designed mainly for proprietary enclosed environment.Due to there is no reality
Information security threats, industrial automation control system design, realize with deployment during, main indicator be availability,
Function, performance, (physics) safety, real-time etc., and need not excessively consider network attack, information security the problems such as.
In recent decades, various industrial control systems just rapidly move towards open, interconnection (packet from closing, isolated system
Include and interconnected with traditional IT system), increasingly industry is controlled as the communications infrastructure using Ethernet/IP/TCP network
Application layer of the protocol migration processed to ICP/IP protocol stack;Using the various wireless networks including including IWLAN, GPRS etc.;Extensively
The commercial operation systems such as the Windows using standard, equipment, software, middleware and various general technologies.Typical industry is automatic
Networked control systems, including SCADA (data acquisition analysis system), DCS (dcs), PLC (programmable logic control
Device processed) etc., just increasingly becoming open, general and standardization.
Industrial control system is also faced with day while enjoying opening, the progress of interconnection technique bring, efficiency and interests
The serious security threat of benefit.Due to the promotion of long-term lacking demand for security, to the network environment using general technologies such as TCP/IP
Under be widely present security threat shortage fully realize, the existing industrial control system past design, research and development in do not have almost
Have and consider the problems of information security, lacks awareness of safety, management, process, strategy and relevant speciality technology again in deployment, O&M
Support, lead in many industrial control systems that there is such or such safety problems, once be not intended to or malicious exploitation,
It will result in various serious security incidents.
The practice and exploration of many years is passed through by this department, and countries in the world more or less all have appreciated that and open for industrial control system
Open up comprehensive security evaluation, the security threat found out, grasp the potential security risk of industrial control system and faced, facilitate with
This pushes each side such as each associated mechanisms of industrial control field, client and manufacturer to participate in, cooperate jointly for starting point, improves and complete
It is apt to existing industrial control system, and researches and develops safer, reliable new industrial control system.It can be realized for information technoloy equipment and work
Important information technoloy equipment, industrial control equipment, network equipment security configuration situation are analyzed in the safety inspection for controlling device configuration baseline, find base
Line configures existing security risk.
Summary of the invention
In view of the defects and deficiencies of the prior art, the present invention intends to provide a kind of industrial control systems based on allocation list
The method of security risk assessment, it has the long-range and local ability that security configuration inspection is carried out to information technoloy equipment and industrial control equipment,
And meets corresponding safety standard, while there is friendly man-machine interface and reporting system, realize that baseline checks the intelligence of work
Change, automation.
To achieve the above object, the technical solution adopted by the present invention is that:
A kind of method of industrial control system security risk assessment based on allocation list of the present invention, using following steps:
Step 1: building kernel scheduling engine establishes database group, engine library, industry control assets information library, forms industry peace
Full Configuration baseline checking tool;
Step 2: by industry control agreement, equipment, software database, industry control vulnerability scan closes the database group in step 1
Key scanning instruction database composition;
Step 3: the engine library in step 1 is by scanning strategy engine, engine of giving out a contract for a project, acquisition engine, differentiates engine composition;
Step 4: the industry control agreement in step 2, equipment, software database, industry control vulnerability scan, key scan instruction
Database provides data source one for kernel scheduling engine;
Step 5: the industry control assets information library in step 1 provides data source two for kernel scheduling engine;
Step 6: the data source one in step 4 and the data source in step 5 two form data source library;
Step 6: kernel scheduling engine checks industrial control equipment/software by giving out a contract for a project engine, and scanning engine comes pair
Industrial control equipment/software to be checked, by the data source two in invocation step five, to formulate inspection policy, then acquisition engine
The data of the inspection in industrial control equipment/software are acquired, the data being collected into are sent to engine is differentiated, differentiate engine calling step
Data source one in four utilizes industry control agreement, equipment, software database, industry control vulnerability scan, key scan director data
Library differentiates that engine again send inspection result data to kernel scheduling engine, core tune to differentiate that inspection obtains inspection result data
Degree engine again shows inspection result.
Further, the industry security Configuration baseline checking tool in step 1 is adopted by presentation layer, kernel business tier, data
Collect layer, external system layer and assessment object layer composition;
Wherein: (1) presentation layer includes assets classes distribution layer, assets loophole distribution layer, task execution maintenance level composition, is led to
Assets classes distribution layer, assets loophole distribution layer, task execution maintenance level are crossed, assets can be obtained using tool and close rule analysis knot
Fruit, assets leak analysis result and the distribution of the whole network irregularity index;
Wherein: (2) kernel business tier is by task management, asset management, configuration management, loophole verification, points-scoring system, report
Management, system administration, knowledge base management composition;
Task management is compared by task configuration, task execution, task merging, task to be formed with manual task;
Asset management is made of assets detection, asset identification, assets protection, asset statistical;
Configuration management is verified by networked devices, verification is locally configured, verifies tactical management, verification analysis statistics forms;
Loophole, which verifies to be reinforced by fragility verification, leak analysis, loophole, to be suggested forming;
Points-scoring system is calculated by code of points management, scoring, scoring statistics forms;
Report management is made of report template management, report Classification Management, report generation management;
System administration with note management, Role Management, system audit, backup and recovery by being formed;
Knowledge base management is made of fingerprint base management, vulnerability database management, assets information library;
Wherein: data collection layer is made of online acquisition and offline acquisition;
Data collection layer is made of the management of acquisition script, collection scheduling management, acquisition protocols management;
Offline acquisition is made of offline acquisition engine management, offline script management, offline results management;
Wherein: (3) assess object layer by industrial control equipment, the network equipment, safety equipment, Web middleware, database and operation
System composition;
Wherein: (4) external system layer is made of risk evaluation tool system, asset system, vulnerability information system.
After adopting the above structure, the invention has the following beneficial effects: a kind of industrial control system based on allocation list of the present invention
The method of security risk assessment, it is for the application of industrial control equipment, the network equipment, industry control, the service, group for constituting industrial control system
The components such as information technoloy equipment, operating system, database that part etc. and industrial control system generally use carry out assets detection, configuration safety
Baseline verification, Hole Detection realize quickly detection, find loophole, so as to quickly obtain testing result, discovery baseline configuration
Existing security risk.
Detailed description of the invention
Fig. 1 is topological frame construction drawing of the invention;
Fig. 2 is risk assessment tool system architecture diagram of the invention;
Fig. 3 is the topological diagram of the deployment way of the invention between industrial control system equipment;
Fig. 4 is the topological diagram of the degree of risk detection of desired asset of the invention;
Fig. 5 is the topological diagram of loophole discovery detection of the invention;
Fig. 6 is the flow diagram of industry control loophole discovery of the invention;
Fig. 7 is the flow diagram of quick assets discovery of the invention.
Specific embodiment
The present invention will be further described below with reference to the drawings.
As shown in Figure 1, a kind of method of industrial control system security risk assessment based on allocation list of the present invention, uses
Following steps:
Step 1: building kernel scheduling engine establishes database group, engine library, industry control assets information library, forms industry peace
Full Configuration baseline checking tool;
Step 2: by industry control agreement, equipment, software database, industry control vulnerability scan closes the database group in step 1
Key scanning instruction database composition;
Step 3: the engine library in step 1 is by scanning strategy engine, engine of giving out a contract for a project, acquisition engine, differentiates engine composition;
Step 4: the industry control agreement in step 2, equipment, software database, industry control vulnerability scan, key scan instruction
Database provides data source one for kernel scheduling engine;
Step 5: the industry control assets information library in step 1 provides data source two for kernel scheduling engine;
Step 6: the data source one in step 4 and the data source in step 5 two form data source library;
Step 6: kernel scheduling engine checks industrial control equipment/software by giving out a contract for a project engine, and scanning engine comes pair
Industrial control equipment/software to be checked, by the data source two in invocation step five, to formulate inspection policy, then acquisition engine
The data of the inspection in industrial control equipment/software are acquired, the data being collected into are sent to engine is differentiated, differentiate engine calling step
Data source one in four utilizes industry control agreement, equipment, software database, industry control vulnerability scan, key scan director data
Library differentiates that engine again send inspection result data to kernel scheduling engine, core tune to differentiate that inspection obtains inspection result data
Degree engine again shows inspection result.
Further, as shown in Fig. 2, the industry security Configuration baseline checking tool in step 1 is by presentation layer, core industry
Business layer, data collection layer, external system layer and assessment object layer composition;
Wherein: (1) presentation layer includes assets classes distribution layer, assets loophole distribution layer, task execution maintenance level composition, is led to
Assets classes distribution layer, assets loophole distribution layer, task execution maintenance level are crossed, assets can be obtained using tool and close rule analysis knot
Fruit, assets leak analysis result and the distribution of the whole network irregularity index;
Wherein: (2) kernel business tier is by task management, asset management, configuration management, loophole verification, points-scoring system, report
Management, system administration, knowledge base management composition;
Task management is compared by task configuration, task execution, task merging, task to be formed with manual task;
Asset management is made of assets detection, asset identification, assets protection, asset statistical;
Configuration management is verified by networked devices, verification is locally configured, verifies tactical management, verification analysis statistics forms;
Loophole, which verifies to be reinforced by fragility verification, leak analysis, loophole, to be suggested forming;
Points-scoring system is calculated by code of points management, scoring, scoring statistics forms;
Report management is made of report template management, report Classification Management, report generation management;
System administration with note management, Role Management, system audit, backup and recovery by being formed;
Knowledge base management is made of fingerprint base management, vulnerability database management, assets information library;
Wherein: data collection layer is made of online acquisition and offline acquisition;
Data collection layer is made of the management of acquisition script, collection scheduling management, acquisition protocols management;
Offline acquisition is made of offline acquisition engine management, offline script management, offline results management;
Wherein: (3) assess object layer by industrial control equipment, the network equipment, safety equipment, Web middleware, database and operation
System composition;
Wherein: (4) external system layer is made of risk evaluation tool system, asset system, vulnerability information system.
The present invention has through long-range and local mode to components such as industrial control equipment, information technoloy equipment, the network equipment, industry control applications
Carry out the ability of security configuration inspection, can security configuration and security breaches in inspection system, and comply fully with corresponding peace
Full specification and the existing device configuration code requirement of best security practices, while there is friendly man-machine interface and report abundant
System fully achieves intelligence, the automation of safety inspection work.
Present invention support is commented based on IEC62443, the system integrity security evaluation of ISA Secure EDSA, functional safety
Estimate equal risk assessment function.
For the present invention by the way of remote access, network is reachable, connects existing network, is not any of network and repairs
Change, typical industrial control system can be covered, deployment way is as shown in Fig. 3.
The present invention is suitable for autonomous assessment, third party assesses, higher level checks junior, product access is checked and accepted, daily O&M
The scenes such as inspection, are greatly improved working efficiency, and provide strong technical support for industrial control system Security Construction.
As shown in figure 4, in the use of the present invention, user input desired asset be added assets, matched using industry security
Baseline checking tool is set to carry out assets detection, asset identification, assets protection, asset statistical by asset management, it is then sharp
Networked devices verification is carried out with configuration management, and verification is locally configured, verifies tactical management, verifies analysis statistics, it is subsequently sharp
With task management module, the configuration of Lai Jinhang task forms newly-built task, by task execution, according to system according to preseting
Industry control baseline checks template, logs in desired asset, acquires the information such as configuration to be checked, checks the database in template with industry control baseline
Data in group are compared item by item, are weighted scoring to result according to preset weight, are obtained the risk journey of desired asset
Degree, is then obtained matching result, is scored using points-scoring system, and final result is used report output.
As shown in figure 5, detecting in the present invention for loophole, specific practice is as follows: using industry security Configuration baseline
Checking tool establishes newly-built task by asset management, is guiding with loophole inspection, then passes through appointing in task management again
Business configuration configures IP/ Asset Allocation, port configuration, product type/producer to realize, with then carrying out task again, to target
The detection of industry control assets reuses loophole and verifies progress leak analysis, points-scoring system is recycled to score loophole result data,
Pass through report output final result.
As shown in fig. 6, the function that the discovery of industry control loophole is realized is by calling fingerprint recognition engines etc. to give in the present invention
The loophole of industry control target device, and report to user.User, which clicks, executes vulnerability scanner.Fingerprint recognition engines are called first
Fingerprinting analysis is carried out, continuous access database, which checks whether fingerprint recognition engines execute, later terminates.If engine is
Execution terminates, and stops constantly access database and checks program, update database tasks state, illustrates that the task call engine executes
Terminate.After state updates, the data loading insertion loophole of needs is obtained from the tables such as loophole task list and fingerprint results table
In scanning result table.User can obtain data from the table, to check scanning result.
As shown in fig. 7, in the present invention, for assets discovery feature, using following operation: being swept using the network of tool
Retouch-quickly assets discovery needs the function realized is to find out the equipment in network, and identify to it by scanning network.
The most crucial step of network sweep in the present invention is exactly according to network protocol sending and receiving data packet, and whole process can be divided into four
Point, it is detecting host, port scan, service identification, system identification respectively according to sequencing, the work that this four part is done is got over
It is more careful to come, behind based on each step requires the result of front.During detecting host, scanning end is to being scanned
IP send data packet, if the IP has response, just illustrate equipment representated by the IP exist.
Port scan is to determine the step of which port the host of survival opened after detecting host completion.Port
In scanning process, scanner program is attempted to establish the link with the particular port of destination host, if it is possible to it is successfully established link, then
That is to say, bright destination host has opened corresponding port
It is on the one hand crucial under the historical background based on China's industrial repositioning upgrading and " two change depth integration " in the present invention
The industrial control system of infrastructure industry is in the closed state of " information island " for a long time, and system Construction thinking generally weighs
The light safety of business even gives no thought to the network information security;The reaching its maturity of another aspect smart machine, management level and letter
The promotion of breathization level requires industrial control network directly or indirectly to access internet from many levels again.In current shape
Under gesture, effective security protection provided for the key industry control system of basic facility industry, just must have pointedly
Comprehensive security risk assessment is carried out to various industrial control systems.Use the industrial control system Information Security Risk of the design
Assessment tool can be widely for industrial control equipment, the network equipment, industry control application (software), the clothes for constituting industrial control system
The components such as information technoloy equipment, operating system, database that business, component etc. and industrial control system generally use carry out assets detection, configuration
Security baseline verification, Hole Detection.
Operating system, database, the network equipment in the design covering industrial control system;Engineer in networked devices
It stands, operator station, HMI, PLC, DCS, PCS, SCADA, opc server, industrial switch etc.;Support Siemens, Schneider, sieve
The asset identification and detecting function of the mainstreams industry control such as Ke Weier manufacturer's typical case's networked devices or system.
The above description is only a preferred embodiment of the present invention, thus it is all according to the configuration described in the scope of the patent application of the present invention,
The equivalent change or modification that feature and principle are done, is included in the scope of the patent application of the present invention.
Claims (2)
1. a kind of method of the industrial control system security risk assessment based on allocation list, it is characterised in that: use following steps:
Step 1: building kernel scheduling engine establishes database group, engine library, industry control assets information library, forms industry security and matches
Set baseline checking tool;
Step 2: database group in step 1 is swept by industry control agreement, equipment, software database, industry control vulnerability scan, key
Retouch instruction database composition;
Step 3: the engine library in step 1 is by scanning strategy engine, engine of giving out a contract for a project, acquisition engine, differentiates engine composition;
Step 4: the industry control agreement in step 2, equipment, software database, industry control vulnerability scan, key scan director data
Library provides data source one for kernel scheduling engine;
Step 5: the industry control assets information library in step 1 provides data source two for kernel scheduling engine;
Step 6: the data source one in step 4 and the data source in step 5 two form data source library;
Step 6: kernel scheduling engine checks that scanning engine comes to be checked to industrial control equipment/software by giving out a contract for a project engine
Industrial control equipment/the software looked into, by the data source two in invocation step five, to formulate inspection policy, then acquisition engine is adopted
The data being collected into are sent to engine is differentiated, are differentiated in engine calling step 4 by the data for collecting the inspection in industrial control equipment/software
Data source one, using industry control agreement, equipment, software database, industry control vulnerability scan, key scan instruction database comes
Differentiate that inspection obtains inspection result data, differentiates that engine again send inspection result data to kernel scheduling engine, kernel scheduling draws
It holds up and again shows inspection result.
2. a kind of method of industrial control system security risk assessment based on allocation list according to claim 1, feature exist
In: the industry security Configuration baseline checking tool in step 1 is by presentation layer, kernel business tier, data collection layer, external system
Layer and assessment object layer composition;
Wherein: (1) presentation layer includes assets classes distribution layer, assets loophole distribution layer, task execution maintenance level composition, passes through money
Produce classification distribution layer, assets loophole distribution layer, task execution maintenance level, using tool can obtain assets close rule analysis as a result,
Assets leak analysis result and the distribution of the whole network irregularity index;
Wherein: (2) kernel business tier is by task management, asset management, configuration management, loophole verification, points-scoring system, report pipe
Reason, system administration, knowledge base management composition;
Task management is compared by task configuration, task execution, task merging, task to be formed with manual task;
Asset management is made of assets detection, asset identification, assets protection, asset statistical;
Configuration management is verified by networked devices, verification is locally configured, verifies tactical management, verification analysis statistics forms;
Loophole, which verifies to be reinforced by fragility verification, leak analysis, loophole, to be suggested forming;
Points-scoring system is calculated by code of points management, scoring, scoring statistics forms;
Report management is made of report template management, report Classification Management, report generation management;
System administration with note management, Role Management, system audit, backup and recovery by being formed;
Knowledge base management is made of fingerprint base management, vulnerability database management, assets information library;
Wherein: data collection layer is made of online acquisition and offline acquisition;
Data collection layer is made of the management of acquisition script, collection scheduling management, acquisition protocols management;
Offline acquisition is made of offline acquisition engine management, offline script management, offline results management;
Wherein: (3) assess object layer by industrial control equipment, the network equipment, safety equipment, Web middleware, database and operating system
Composition;
Wherein: (4) external system layer is made of risk evaluation tool system, asset system, vulnerability information system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811575235.8A CN109613899A (en) | 2018-12-21 | 2018-12-21 | A method of the industrial control system security risk assessment based on allocation list |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811575235.8A CN109613899A (en) | 2018-12-21 | 2018-12-21 | A method of the industrial control system security risk assessment based on allocation list |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109613899A true CN109613899A (en) | 2019-04-12 |
Family
ID=66009899
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811575235.8A Pending CN109613899A (en) | 2018-12-21 | 2018-12-21 | A method of the industrial control system security risk assessment based on allocation list |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109613899A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110262420A (en) * | 2019-06-18 | 2019-09-20 | 国家计算机网络与信息安全管理中心 | A kind of distributed industrial control network security detection system |
| CN110794795A (en) * | 2019-11-27 | 2020-02-14 | 上海三零卫士信息安全有限公司 | Industrial control information security risk assessment model based on distributed inspection |
| CN111490976A (en) * | 2020-03-24 | 2020-08-04 | 浙江中烟工业有限责任公司 | Dynamic baseline management and monitoring method for industrial control network |
| CN112800408A (en) * | 2021-04-15 | 2021-05-14 | 工业信息安全(四川)创新中心有限公司 | Industrial control equipment fingerprint extraction and identification method based on active detection |
| CN113037766A (en) * | 2021-03-23 | 2021-06-25 | 中通服创发科技有限责任公司 | Comprehensive evaluation method for asset safety and health degree under multiple scenes |
| CN113055379A (en) * | 2021-03-11 | 2021-06-29 | 北京顶象技术有限公司 | Risk situation perception method and system for key infrastructure of whole network |
| CN113315767A (en) * | 2021-05-26 | 2021-08-27 | 国网山东省电力公司电力科学研究院 | Electric power Internet of things equipment safety detection system and method |
| CN113329027A (en) * | 2021-06-16 | 2021-08-31 | 北京凌云信安科技有限公司 | Spatial asset mapping system fusing multidimensional asset image and vulnerability association analysis |
| CN113518054A (en) * | 2020-04-09 | 2021-10-19 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Safety configuration acquisition method for railway industry information system |
| CN113676459A (en) * | 2021-07-28 | 2021-11-19 | 中国石油化工股份有限公司 | Real-time industrial control passive identification method for Rockwell equipment |
| CN113791973A (en) * | 2021-08-23 | 2021-12-14 | 湖北省农村信用社联合社网络信息中心 | Compatibility baseline detection method and system based on rural telecommunication system |
| CN114157493A (en) * | 2021-12-06 | 2022-03-08 | 中国船级社 | Industrial control system network security simulation test platform and computer equipment |
| CN114499974A (en) * | 2021-12-28 | 2022-05-13 | 深圳供电局有限公司 | Device detection method, device, computer device and storage medium |
| CN114978614A (en) * | 2022-04-29 | 2022-08-30 | 广州市昊恒信息科技有限公司 | IP asset rapid scanning processing system |
| CN115618353A (en) * | 2022-10-21 | 2023-01-17 | 北京珞安科技有限责任公司 | Identification system and method for industrial production safety |
| CN116318783A (en) * | 2022-12-05 | 2023-06-23 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130283336A1 (en) * | 2012-04-23 | 2013-10-24 | Abb Technology Ag | Cyber security analyzer |
| EP3109807A1 (en) * | 2015-06-24 | 2016-12-28 | Electricité de France | Method for assessing safety and security risks of an industrial process |
| CN206181087U (en) * | 2016-08-30 | 2017-05-17 | 上海新华控制技术(集团)有限公司 | Active leak detecting system towards industrial control system |
| CN108712396A (en) * | 2018-04-27 | 2018-10-26 | 广东省信息安全测评中心 | Networked asset management and loophole governing system |
| CN108737425A (en) * | 2018-05-24 | 2018-11-02 | 北京凌云信安科技有限公司 | Fragility based on multi engine vulnerability scanning association analysis manages system |
-
2018
- 2018-12-21 CN CN201811575235.8A patent/CN109613899A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130283336A1 (en) * | 2012-04-23 | 2013-10-24 | Abb Technology Ag | Cyber security analyzer |
| EP3109807A1 (en) * | 2015-06-24 | 2016-12-28 | Electricité de France | Method for assessing safety and security risks of an industrial process |
| CN206181087U (en) * | 2016-08-30 | 2017-05-17 | 上海新华控制技术(集团)有限公司 | Active leak detecting system towards industrial control system |
| CN108712396A (en) * | 2018-04-27 | 2018-10-26 | 广东省信息安全测评中心 | Networked asset management and loophole governing system |
| CN108737425A (en) * | 2018-05-24 | 2018-11-02 | 北京凌云信安科技有限公司 | Fragility based on multi engine vulnerability scanning association analysis manages system |
Non-Patent Citations (1)
| Title |
|---|
| 郑文奇: "工业控制系统信息安全评估和改造", 《自动化应用》 * |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110262420A (en) * | 2019-06-18 | 2019-09-20 | 国家计算机网络与信息安全管理中心 | A kind of distributed industrial control network security detection system |
| CN110794795A (en) * | 2019-11-27 | 2020-02-14 | 上海三零卫士信息安全有限公司 | Industrial control information security risk assessment model based on distributed inspection |
| CN111490976A (en) * | 2020-03-24 | 2020-08-04 | 浙江中烟工业有限责任公司 | Dynamic baseline management and monitoring method for industrial control network |
| CN111490976B (en) * | 2020-03-24 | 2022-04-15 | 浙江中烟工业有限责任公司 | Dynamic baseline management and monitoring method for industrial control network |
| CN113518054A (en) * | 2020-04-09 | 2021-10-19 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Safety configuration acquisition method for railway industry information system |
| CN113055379A (en) * | 2021-03-11 | 2021-06-29 | 北京顶象技术有限公司 | Risk situation perception method and system for key infrastructure of whole network |
| CN113037766A (en) * | 2021-03-23 | 2021-06-25 | 中通服创发科技有限责任公司 | Comprehensive evaluation method for asset safety and health degree under multiple scenes |
| CN112800408A (en) * | 2021-04-15 | 2021-05-14 | 工业信息安全(四川)创新中心有限公司 | Industrial control equipment fingerprint extraction and identification method based on active detection |
| CN113315767A (en) * | 2021-05-26 | 2021-08-27 | 国网山东省电力公司电力科学研究院 | Electric power Internet of things equipment safety detection system and method |
| CN113315767B (en) * | 2021-05-26 | 2023-08-22 | 国网山东省电力公司电力科学研究院 | Electric power internet of things equipment safety detection system and method |
| CN113329027A (en) * | 2021-06-16 | 2021-08-31 | 北京凌云信安科技有限公司 | Spatial asset mapping system fusing multidimensional asset image and vulnerability association analysis |
| CN113676459A (en) * | 2021-07-28 | 2021-11-19 | 中国石油化工股份有限公司 | Real-time industrial control passive identification method for Rockwell equipment |
| CN113676459B (en) * | 2021-07-28 | 2023-06-06 | 中国石油化工股份有限公司 | Real-time industrial control passive identification method for Rockwell equipment |
| CN113791973A (en) * | 2021-08-23 | 2021-12-14 | 湖北省农村信用社联合社网络信息中心 | Compatibility baseline detection method and system based on rural telecommunication system |
| CN113791973B (en) * | 2021-08-23 | 2022-09-06 | 湖北省农村信用社联合社网络信息中心 | Compatibility baseline detection method and system based on rural telecommunication system |
| CN114157493A (en) * | 2021-12-06 | 2022-03-08 | 中国船级社 | Industrial control system network security simulation test platform and computer equipment |
| CN114499974A (en) * | 2021-12-28 | 2022-05-13 | 深圳供电局有限公司 | Device detection method, device, computer device and storage medium |
| CN114499974B (en) * | 2021-12-28 | 2023-12-19 | 深圳供电局有限公司 | Device detection method, device, computer device and storage medium |
| CN114978614A (en) * | 2022-04-29 | 2022-08-30 | 广州市昊恒信息科技有限公司 | IP asset rapid scanning processing system |
| CN115618353A (en) * | 2022-10-21 | 2023-01-17 | 北京珞安科技有限责任公司 | Identification system and method for industrial production safety |
| CN115618353B (en) * | 2022-10-21 | 2024-01-23 | 北京珞安科技有限责任公司 | Industrial production safety identification system and method |
| CN116318783A (en) * | 2022-12-05 | 2023-06-23 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
| CN116318783B (en) * | 2022-12-05 | 2023-08-22 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109613899A (en) | A method of the industrial control system security risk assessment based on allocation list | |
| CN109861988A (en) | A kind of industrial control system intrusion detection method based on integrated study | |
| CN107438052B (en) | A kind of anomaly detection method towards unknown industrial communication protocol specification | |
| CN109639481A (en) | A kind of net flow assorted method, system and electronic equipment based on deep learning | |
| CN101562537B (en) | Distributed self-optimized intrusion detection alarm associated system | |
| CN110990386A (en) | Industrial internet platform monitoring data transmission and exchange method and system | |
| CN107204975B (en) | Industrial control system network attack detection technology based on scene fingerprints | |
| CN108011893A (en) | A kind of asset management system based on networked asset information gathering | |
| CN106817363B (en) | Intelligent ammeter abnormity detection method based on neural network | |
| CN110677430B (en) | User risk degree evaluation method and system based on log data of network security equipment | |
| CN109391700A (en) | Internet of Things safe cloud platform based on depth traffic aware | |
| CN106230780B (en) | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform | |
| CN103957203B (en) | A kind of network security protection system | |
| CN114679292B (en) | Honeypot identification method, device, equipment and medium based on network space mapping | |
| CN101452469A (en) | Software safety defect library system based on attack mode and management method thereof | |
| CN109639756A (en) | A kind of terminal network incidence relation is shown and equipment accesses real-time monitoring system | |
| CN110765087A (en) | User account abuse auditing method and system based on network security device log data | |
| CN106411644A (en) | Network sharing device detection method and system based on DPI technology | |
| CN110493180A (en) | A kind of substation network communication flow real-time analysis method | |
| CN110868404A (en) | Industrial control equipment automatic identification method based on TCP/IP fingerprint | |
| CN110266680A (en) | A kind of industrial communication method for detecting abnormality based on dual similarity measurement | |
| CN115964757A (en) | Drainage basin environment monitoring and disposal method and device based on block chain | |
| CN117411703A (en) | Modbus protocol-oriented industrial control network abnormal flow detection method | |
| CN115941317A (en) | Network security comprehensive analysis and situation awareness platform | |
| CN107256466A (en) | A kind of gas works construction management system and management method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190412 |