CN109714371A - Industrial control network security detection system - Google Patents

Publication number
CN109714371A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910186014.XA
Other languages
Chinese (zh)
Other versions
CN109714371B (en
Inventor
李明轩
陈涛
杨慧婷
钟劲松
郭庆瑞
王旭
郭学让
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd


Abstract

An embodiment of the present invention provides an industrial control network security detection system, which belongs to the technical field of network security. The system includes: a first device provided with a secure communication module and a scanning module, the secure communication module being connected to a second device and a third device through a communication network; the second device, provided with a security management module that sends a remote security management service request to the first device; and the third device, provided with a customized security apparatus related to security management and a matching module, the matching module matching a second security component to the first device based on the environment information. The second security component distributed from the third device is received and installed on the first device, and security management is performed on the first device based on the second security component. The solution of the present application improves the security of the device.

Description

An industrial control network security detection system
Technical field
The present invention relates to the technical field of network security, and in particular to an industrial control network security detection system.
Background
Today, with the Internet widespread and web technology developing rapidly, network security faces increasingly severe challenges. As the availability of online information and services increases and web-based attacks and sabotage grow, security risk has reached unprecedented heights. Because much security work concentrates on the network itself, web applications have been almost forgotten. Perhaps this is because applications used to be stand-alone programs running on a single computer: if the computer was secure, the application was secure. Today the situation is completely different. Web applications run on many different machines: clients, web servers, database servers and application servers. Moreover, because they are generally available to everyone, these applications have become a back-door route for many attack activities.
Software security vulnerabilities mainly refer to defects introduced while software is being written that can easily threaten the security of the whole computer software, or to the sum of all factors that can affect the operation of the whole system. Because computer software is written by people, security vulnerabilities arise whenever the developers do not consider every issue while writing it. Common software vulnerabilities include: abnormalities while the software is running or in use; vulnerabilities in protocols; and abnormal behaviour of software after the computer has been infected by a virus.
In practice, users place ever higher demands on the security of computer equipment. A completely new security processing scheme for computing devices is therefore needed.
Summary of the invention
In view of this, embodiments of the present invention provide an industrial control network security detection system that at least partly solves the problems in the prior art.
An embodiment of the present invention provides an industrial control network security detection system, comprising:
a first device, provided with a secure communication module and a scanning module, the secure communication module being connected to a second device and a third device through a communication network;
the second device, provided with a security management module that sends a remote security management service request to the first device;
the scanning module, based on the remote security management service request, performs on the first device an initialization scan operation from the security management module and, after the initialization scan is completed, installs a first security detection component, the first security detection component being used to extract environment information of the first device;
the secure communication module sends the environment information of the first device to the third device, which is communicatively connected to the first device; the third device is provided with a customized security apparatus related to security management and a matching module, and the matching module matches a second security component to the first device based on the environment information;
the second security component distributed from the third device is received and installed on the first device, the second security component being a set of one or more customized security modules that the third device selects from the customized security apparatus based on the environment information of the first device; after the second security component has been installed successfully, security management is performed on the first device based on the second security component.
According to a specific implementation of an embodiment of the present invention, the second device further includes:
a rule module, which issues security scanning rules to the scanning module before the scanning module performs the initialization scan on the first device;
a security sample database, which performs data matching on the file features that the scanning module extracts on the first device, and distributes the first security detection component to the first device based on the result of the data matching.
According to a specific implementation of an embodiment of the present invention, the first device further includes:
a security verification module, for performing security verification on the remote security management service request of the second device;
a registration module, for starting registration of the first device with the second device after the security verification passes and setting the first device to an isolated state, and, after receiving a registration success message from the second device, switching the first device from the isolated state to a scanning state.
According to a specific implementation of an embodiment of the present invention, the scanning module is further configured to:
receive a vulnerability scan request from the second device;
in response to the vulnerability scan request, install the first security detection component on the first device;
request the first security detection component to perform a vulnerability scan of the first device;
send the result of the vulnerability scan to the second device through the secure communication module.
According to a specific implementation of an embodiment of the present invention, the secure communication module is further configured to:
after a scan result showing that the first device has no security vulnerabilities has been sent to the second device, receive the first security detection component from the second device.
According to a specific implementation of an embodiment of the present invention, the security verification module is further configured to:
after the first security detection component has been received from the second device, receive an authentication key sent by the second device to the first device.
According to a specific implementation of an embodiment of the present invention, the second security component is further configured to:
obtain the network environment in which the first device is located and perform a security evaluation of the network environment to obtain a first evaluation value.
According to a specific implementation of an embodiment of the present invention, the second security component is further configured to:
when the first evaluation value is greater than a first threshold, obtain the program under test on the first device, trigger the start of the program under test, and evaluate the startup process of the program under test to obtain a second evaluation value, the second evaluation value including a feature value of the program under test and the startup parameters of the program under test.
According to a specific implementation of an embodiment of the present invention, the second security component is further configured to:
search the security sample database of the second device for matching data corresponding to the second evaluation value and, when matching data exists, perform vulnerability detection on the first device based on the second evaluation value.
According to a specific implementation of an embodiment of the present invention, the security verification module is further configured to:
obtain the communication log between the first device and the second device;
based on the communication log, determine the security key between the first device and the second device;
based on the security key, receive the security authentication request sent by the security management module of the second device.
The industrial control network security detection system in the embodiments of the present invention includes a first device provided with a secure communication module and a scanning module, the secure communication module being connected to a second device and a third device through a communication network, and the second device, provided with a security management module that sends a remote security management service request to the first device. Based on the remote security management service request, the scanning module performs on the first device the initialization scan operation from the security management module and, after the initialization scan is completed, installs a first security detection component, which is used to extract the environment information of the first device. The secure communication module sends the environment information of the first device to the third device, which is communicatively connected to the first device; the third device is provided with a customized security apparatus related to security management and a matching module, and the matching module matches a second security component to the first device based on the environment information. The second security component distributed from the third device is received and installed on the first device; it is a set of one or more customized security modules that the third device selects from the customized security apparatus based on the environment information of the first device. After the second security component has been installed successfully, security management is performed on the first device based on the second security component. The solution of the present application improves the security of the device.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a security device management system provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a security device management process provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of another security device management process provided by an embodiment of the present invention;
Fig. 4 is a schematic flowchart of another security device management process provided by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of another security device management process provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the drawings.
Embodiments of the present disclosure are illustrated below through specific examples; those skilled in the art can readily understand other advantages and effects of the disclosure from the content of this specification. Obviously, the described embodiments are only some, not all, of the embodiments of the disclosure. The disclosure can also be implemented or applied through other, different specific embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the disclosure. It should be noted that, where no conflict arises, the following embodiments and the features in them can be combined with one another. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of this disclosure without creative effort fall within the scope of protection of the disclosure.
It should be noted that various aspects of embodiments within the scope of the appended claims are described below. It should be apparent that the aspects described herein can be embodied in a wide variety of forms, and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, those skilled in the art will understand that an aspect described herein can be implemented independently of any other aspect, and that two or more of these aspects can be combined in various ways. For example, a device may be implemented and/or a method practiced using any number of the aspects set forth herein. In addition, such a device may be implemented and/or such a method practiced using structures and/or functionality other than one or more of the aspects set forth herein.
It should also be noted that the drawings provided in the following embodiments illustrate the basic idea of the disclosure only schematically. They show only the components related to the disclosure and are not drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, number and proportion of each component may change arbitrarily, and the component layout may also be more complex.
In addition, specific details are provided in the following description for a thorough understanding of the examples. However, those skilled in the art will understand that the aspects can be practiced without these specific details.
An embodiment of the present disclosure provides an industrial control network security detection system. The system provided in this embodiment can be executed by a computing apparatus, which can be implemented as software or as a combination of software and hardware, and which can be integrated into a server, a terminal device or the like.
Referring to Fig. 1, an industrial control network security detection system provided by an embodiment of the present invention includes a first device, a second device and a third device. The first device is provided with a secure communication module and a scanning module; the secure communication module is connected to the second device and the third device through a communication network. The second device is provided with a security management module, which sends a remote security management service request to the first device. The third device is provided with a matching module and a customized security apparatus. Based on a request from the first device, the matching module selects one or more customized security modules from the customized security apparatus, forms them into a second security detection component, and sends it to the first device.
Based on the remote security management service request, the scanning module performs on the first device the initialization scan operation from the security management module and, after the initialization scan is completed, installs the first security detection component, which is used to extract the environment information of the first device.
The first device is the hardware device that needs security management. As an example, the first device can be a computer, a mobile phone or another computing device. An operating system (for example Windows, Linux, iOS or Android) can run on the first device, and the program under test is an application running on the first device's operating system.
The second device is communicatively connected to the first device and has a security management module installed. Based on this module, the second device can perform security management on the devices connected to it. Specifically, after obtaining information about the first device, the second device can send a remote security management service request to the first device over a wired or wireless connection and, on receiving the first device's response to the request, go on to perform security management on the first device.
After receiving the remote security management service request from the second device, the first device can parse it. For example, the first device can perform data verification on the request and, once parsing of the request shows that the second device is a trusted device, go on to establish a communication connection with the second device.
The remote security management service request includes an initialization scan operation request for the first device. After the first device has determined that the second device is a trusted device, it executes the initialization scan operation from the security management module. The initialization scan performs a preliminary scan of the environment information on the first device and extracts feature information on the first device that is relevant to device security.
After the initialization scan is completed, the first device can send the scan result to the second device. After receiving it, the security management module in the second device analyses the scan result; when the analysis shows that the security environment of the first device requires further security management, the first security detection component is installed on the first device over the network. The first security detection component is used to further extract the environment information of the first device and can be security software with a specific function.
The secure communication module sends the environment information of the first device to the third device, which is communicatively connected to the first device. The third device is provided with a customized security apparatus related to security management and a matching module, and the matching module matches a second security component to the first device based on the environment information.
After the first security detection component has obtained permission to scan and collect information on the first device, it can send the environment information of the first device to the third device designated by the security management module in the second device. The third device is communicatively connected to the first device and holds multiple customized security modules related to security management, each with a different security detection function. For example, the customized security modules may include a module that detects a particular network virus, or a module that detects whether a particular application has a vulnerability. The customized modules can exist in the form of software.
The second device is communicatively connected to the third device, and the security management module in the second device can maintain and update one or more of the customized security modules on the third device.
The second security component distributed from the third device is received and installed on the first device. The second security component is a set of one or more customized security modules that the third device selects from the customized security apparatus based on the environment information of the first device. After the second security component has been installed successfully, security management is performed on the first device based on the second security component.
After the first device sends a request to the third device and the third device has verified that request, the third device sends the second security component to the first device. According to the content of the environment information of the first device, the third device selects one or more customized security modules from the set of customized security modules and forms them into a new software combination. When the environment information of the first device differs, the software combination in the second security component also differs. Because different customized security modules have different functions, combining them makes it possible to configure the software set best suited to security management of the first device, namely the second security component. The second security component can perform targeted security management on the first device, which improves the efficiency of security management.
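The matching step described above, as an added Python example that is not part of the patent. The module catalogue, the module names, the applicability rules and the shape of the environment report are all assumptions made for illustration.

```python
from dataclasses import dataclass

# OS families named in the description.
KNOWN_OS = frozenset({"windows", "linux", "ios", "android"})


@dataclass(frozen=True)
class CustomModule:
    """One customized security module on the third device (hypothetical schema)."""
    name: str
    os_families: frozenset                   # OS families the module can run on
    needs_any_app: frozenset = frozenset()   # applies only if one of these apps is installed
    needs_any_port: frozenset = frozenset()  # applies only if one of these ports is listening


# Constructed catalogue: names and rules are illustrative assumptions.
CATALOGUE = (
    CustomModule("baseline-malware-scan", KNOWN_OS),
    CustomModule("windows-patch-audit", frozenset({"windows"})),
    CustomModule("web-app-vuln-check", frozenset({"linux", "windows"}),
                 needs_any_app=frozenset({"nginx", "apache", "iis"})),
    CustomModule("modbus-exposure-check", frozenset({"linux", "windows"}),
                 needs_any_port=frozenset({502})),
)

# Constructed environment report, as the first security detection component
# might send it from an engineering workstation.
SAMPLE_ENV = {"os": "Linux", "apps": ["nginx", "openssh"], "listening_ports": [22, 502]}


def validate_environment(env):
    """Normalise environment information received from the first device.

    The report crosses a trust boundary, so malformed input is rejected
    rather than matched loosely.
    """
    if not isinstance(env, dict):
        raise ValueError("environment information must be a mapping")
    os_family = str(env.get("os", "")).lower()
    if os_family not in KNOWN_OS:
        raise ValueError(f"unsupported or missing OS family: {os_family!r}")
    apps = env.get("apps", [])
    ports = env.get("listening_ports", [])
    if not isinstance(apps, (list, tuple, set)):
        raise ValueError("apps must be a collection of names")
    if not isinstance(ports, (list, tuple, set)):
        raise ValueError("listening_ports must be a collection of integers")
    if not all(isinstance(p, int) and 0 < p < 65536 for p in ports):
        raise ValueError("listening_ports must hold valid port numbers")
    return os_family, {str(a).lower() for a in apps}, set(ports)


def match_second_component(env, catalogue=CATALOGUE):
    """Return the names of the customized modules that form the second security component."""
    os_family, apps, ports = validate_environment(env)
    selected = []
    for module in catalogue:
        if os_family not in module.os_families:
            continue  # module cannot run on this operating system
        if module.needs_any_app and not (module.needs_any_app & apps):
            continue  # none of the applications it inspects is installed
        if module.needs_any_port and not (module.needs_any_port & ports):
            continue  # the service it inspects is not exposed
        selected.append(module.name)
    return selected


if __name__ == "__main__":
    print(match_second_component(SAMPLE_ENV))
```

Different environment reports yield different module sets, which is the "software combination" behaviour the description attributes to the third device.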
As an optional embodiment, referring to Fig. 1, the second device can also include a rule module and a security sample database. Before the scanning module performs the initialization scan on the first device, the rule module issues security scanning rules to the scanning module; with these rules, the scanning module of the first device can perform a security scan of the first device's environment.
The security sample database performs data matching on the file features that the scanning module extracts on the first device, and distributes the first security detection component to the first device based on the result of the data matching. As an example, the first security component can be stored in the security sample database.
To ensure the security of the first device, according to a specific implementation of an embodiment of the present invention, the first device further includes a security verification module and a registration module. The security verification module performs security verification on the remote security management service request of the second device, to confirm whether the second device is a device that can be trusted. After the security verification module has confirmed that the second device can be trusted, that is, after the security verification passes, the registration module starts registration of the first device with the second device and sets the first device to the isolated state; after receiving the registration success message from the second device, it switches the first device from the isolated state to the scanning state. Because the first device is set to different states, the second device can obtain the security state of the first device in real time and perform security management on the first device based on that state.
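The registration sequence described above, as an added Python example that is not part of the patent. The HMAC-SHA256 check, the pre-shared key and the message-type labels are assumptions, since the patent does not say how the security verification is performed.

```python
import hashlib
import hmac
from enum import Enum

# Message-type labels (hypothetical) that are bound into every MAC.
SERVICE_REQUEST = b"service-request"
REGISTRATION_SUCCESS = b"registration-success"
SCAN = b"scan"


class State(Enum):
    UNREGISTERED = "unregistered"  # second device not yet verified
    ISOLATED = "isolated"          # verified, registration in progress
    SCANNING = "scanning"          # registration confirmed, scans allowed


def sign(key: bytes, kind: bytes, body: bytes) -> bytes:
    """MAC over message type and body (assumed scheme: HMAC-SHA256).

    Binding the type into the MAC stops a valid service request from being
    replayed as a registration-success message.
    """
    return hmac.new(key, kind + b"\x00" + body, hashlib.sha256).digest()


class FirstDevice:
    """Security verification module plus registration module of the first device."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self.state = State.UNREGISTERED

    def _verified(self, kind: bytes, body: bytes, tag: bytes) -> bool:
        # Constant-time comparison avoids leaking how many tag bytes matched.
        return hmac.compare_digest(sign(self._key, kind, body), tag)

    def handle_service_request(self, body: bytes, tag: bytes) -> bool:
        """Verify the remote security management service request, then isolate."""
        if self.state is not State.UNREGISTERED:
            return False
        if not self._verified(SERVICE_REQUEST, body, tag):
            return False
        self.state = State.ISOLATED  # registration started, device isolated
        return True

    def handle_registration_success(self, body: bytes, tag: bytes) -> bool:
        """Switch from the isolated state to the scanning state."""
        if self.state is not State.ISOLATED:
            return False
        if not self._verified(REGISTRATION_SUCCESS, body, tag):
            return False
        self.state = State.SCANNING
        return True

    def handle_scan_command(self, body: bytes, tag: bytes) -> bool:
        """Accept scan commands only once the device is in the scanning state."""
        if self.state is not State.SCANNING:
            return False
        return self._verified(SCAN, body, tag)


def demo():
    """Walk the sequence with constructed messages; return each decision and the final state."""
    key = b"constructed-demo-key"  # constructed sample value
    dev = FirstDevice(key)
    request_tag = sign(key, SERVICE_REQUEST, b"manage")
    scan_tag = sign(key, SCAN, b"init-scan")
    trace = [
        dev.handle_scan_command(b"init-scan", scan_tag),         # too early: refused
        dev.handle_service_request(b"manage", b"\x00" * 32),     # forged tag: refused
        dev.handle_service_request(b"manage", request_tag),      # verified: isolated
        dev.handle_registration_success(b"manage", request_tag), # replayed tag: refused
        dev.handle_registration_success(
            b"ok", sign(key, REGISTRATION_SUCCESS, b"ok")),      # confirmed: scanning
        dev.handle_scan_command(b"init-scan", scan_tag),         # now accepted
    ]
    return trace, dev.state.value


if __name__ == "__main__":
    print(demo())
```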
As an optional embodiment, the scanning module is also used to: receive a vulnerability scan request from the second device; in response to the vulnerability scan request, install the first security detection component on the first device; request the first security detection component to perform a vulnerability scan of the first device; and send the result of the vulnerability scan to the second device through the secure communication module.
After the first device is in a secure state, it can receive and install the first security component. Specifically, after the scan result showing that the first device has no security vulnerabilities has been sent to the second device, the secure communication module receives the first security detection component from the second device.
To further secure communication between the first device and the second device, the security verification module is also used to receive, after the first security detection component has been received from the second device, an authentication key sent by the second device to the first device. The authentication key improves the security of communication between the first device and the second device.
The second security component is used to perform security management on the first device. As one mode of security management, the second security component obtains the network environment in which the first device is located and performs a security evaluation of it to obtain a first evaluation value. When the first evaluation value is greater than a first threshold, it obtains the program under test on the first device, triggers the start of the program under test and evaluates its startup process to obtain a second evaluation value, which includes a feature value of the program under test and the startup parameters of the program under test.
The second evaluation value can be uploaded to the second device, whose security sample database is searched for matching data corresponding to the second evaluation value. When matching data exists, vulnerability detection is performed on the first device based on the second evaluation value.
The security verification module can also obtain the communication log between the first device and the second device, determine from it the security key between the first device and the second device, and, based on the security key, receive the security authentication request sent by the security management module of the second device.
Specifically, while the first device communicates with the second device, it can save a log file of that communication on the first device. The communication log contains details of the communication between the first device and the second device, such as whether the communication was encrypted and the security key used for encrypted communication. For security, the first device and the second device can communicate using an agreed security key. The agreed security key can be one that the second device distributes to the first device, or a common security key that the first device and the second device determine through negotiation. As one approach, the security key used in the most recent communication between the first device and the second device can be used as the current security key. After the first device and the second device complete the current communication, the security key between them can be updated.
As one implementation, referring to Fig. 2, performing security management on the first device may include steps S101 to S104:
S101: on the first device, obtain the remote security management service request initiated by the security management module in the second device, the second device being communicatively connected to the first device.
The first device is the hardware device that needs security management. As an example, the first device can be a computer, a mobile phone or another computing device. An operating system (for example Windows, Linux, iOS or Android) can run on the first device, and the program under test is an application running on the first device's operating system.
The second device is communicatively connected to the first device and has a security management module installed. Based on this module, the second device can perform security management on the devices connected to it. Specifically, after obtaining information about the first device, the second device can send a remote security management service request to the first device over a wired or wireless connection and, on receiving the first device's response to the request, go on to perform security management on the first device.
S102: based on the remote security management service request, perform on the first device the initialization scan operation from the security management module and, after the initialization scan is completed, install the first security detection component, which is used to extract the environment information of the first device.
After receiving the remote security management service request from the second device, the first device can parse it. For example, the first device can perform data verification on the request and, once parsing of the request shows that the second device is a trusted device, go on to establish a communication connection with the second device.
The remote security management service request includes an initialization scan operation request for the first device. After the first device has determined that the second device is a trusted device, it executes the initialization scan operation from the security management module. The initialization scan performs a preliminary scan of the environment information on the first device and extracts feature information on the first device that is relevant to device security.
After the initialization scan is completed, the first device can send the scan result to the second device. After receiving it, the security management module in the second device analyses the scan result; when the analysis shows that the security environment of the first device requires further security management, the first security detection component is installed on the first device over the network. The first security detection component is used to further extract the environment information of the first device and can be security software with a specific function.
S103: using the first security detection component, send the environment information of the first device to the third device communicatively connected to the first device, the third device being provided with multiple customized security modules related to security management.
After the first security detection component has obtained permission to scan and collect information on the first device, it can send the environment information of the first device to the third device designated by the security management module in the second device. The third device is communicatively connected to the first device and holds multiple customized security modules related to security management, each with a different security detection function. For example, the customized security modules may include a module that detects a particular network virus, or a module that detects whether a particular application has a vulnerability. The customized modules can exist in the form of software.
Second equipment and third equipment communicate to connect, and third can be safeguarded and be updated to the safety management module in the second equipment One or more customization security modules in equipment.
S104, receives on the first device and installs the second security component from third equipment distribution, and described the Two security components are environmental information of the third equipment based on first equipment from the multiple customization security module The one or more customization security module set selected are based on described second after the second security component is installed successfully Security component executes safety management to first equipment.
First equipment after sending request to third equipment, verify by the request that third equipment sends the first equipment Later, the second security component will be sent to the first equipment.According to the content of environmental information in the first equipment, third equipment is from calmly Inhibition and generation security module Resource selection one or more customizes security module and forms new combination of software, and environment is believed in the first equipment Breath is different, and the combination of software on the second security component also can be different, since different customization security modules has different function Can, by way of combination of software, the software assembly of most suitable first equipment safety management can be configured, that is, the second safety Component.Second security component targetedly can carry out safety management to the first equipment, to improve the efficiency of safety management.
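The selection step in S104 can be sketched as follows. This is an added example, not code from the patent: the environment fields (`os`, `open_ports`, `software`), the module names, and the catalogue contents are all constructed assumptions standing in for the third device's module set.

```python
"""Added example: environment-driven selection of customized security modules (S104)."""
from dataclasses import dataclass
from typing import Callable, Mapping

Env = Mapping[str, object]


@dataclass(frozen=True)
class CustomModule:
    name: str
    applies: Callable[[Env], bool]  # predicate over the reported environment


def _os_is(*names):
    return lambda env: str(env.get("os", "")).lower() in names


def _port_open(port):
    return lambda env: port in env.get("open_ports", ())


def _has_software(name):
    return lambda env: name in env.get("software", {})


def _all(*preds):
    return lambda env: all(p(env) for p in preds)


# Constructed catalogue (hypothetical module names) held by the third device.
CATALOGUE = (
    CustomModule("os-patch-audit-windows", _os_is("windows")),
    CustomModule("os-patch-audit-linux", _os_is("linux")),
    # 3389/tcp is the default Remote Desktop port.
    CustomModule("remote-desktop-exposure-check",
                 _all(_os_is("windows"), _port_open(3389))),
    # 502/tcp is the registered Modbus TCP port.
    CustomModule("modbus-service-check", _port_open(502)),
    CustomModule("hmi-app-vuln-check", _has_software("example-hmi")),
)


def match_second_component(env, catalogue=CATALOGUE):
    """Return the module names that make up the second security component."""
    if "os" not in env:
        raise ValueError("environment information lacks the 'os' field")
    selected = tuple(sorted(m.name for m in catalogue if m.applies(env)))
    if not selected:
        # The second security component must contain one or more modules.
        raise LookupError("no customized security module matches this environment")
    return selected


# Constructed environment reports from two different first devices.
WINDOWS_HMI = {"os": "Windows", "open_ports": [502, 3389],
               "software": {"example-hmi": "4.2"}}
LINUX_GATEWAY = {"os": "linux", "open_ports": [22, 502], "software": {}}

if __name__ == "__main__":
    print(match_second_component(WINDOWS_HMI))
    print(match_second_component(LINUX_GATEWAY))
```

The two sample reports yield different module combinations, which is the behaviour the paragraph above describes; an environment that matches nothing is reported as an error instead of producing an empty component.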
In executing step S101, referring to Fig. 3, a specific implementation according to an embodiment of the present invention may include the following steps:
S201: Perform security verification on the remote security management service request from the second device.
After receiving the remote security management service request from the second device, the first device needs to perform security verification on the request. Specifically, it can analyze whether the request contains a preset management instruction; if a preset management instruction is present, the request can be considered to have a legitimate origin.
S202: After the security verification passes, start the registration of the first device with the second device, and set the first device to the isolation state.
After the first device completes security verification, it can register with the second device. Specifically, the identification information of the first device, together with other identity information, can be registered with the security management module on the second device. During registration, to prevent communication requests from other devices to the first device, the first device sets itself to the isolation state.
S203: After receiving the registration success message from the second device, switch the first device from the isolation state to the scanning state.
After the first device completes registration with the second device, the security scan operation of the next step can be carried out; for this purpose, the state of the first device is changed from the isolation state to the scanning state.
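The S201 to S203 sequence is a small state machine on the first device. The sketch below is an added example, not the patent's implementation: the message fields (`instruction`, `type`, `device_id`), the instruction name `INIT_SCAN`, and the device identifiers are assumed, and the handling of peers outside the isolation state is an assumption because the text only specifies behaviour during isolation.

```python
"""Added example: first-device state handling for S201 to S203."""
import enum


class DeviceState(enum.Enum):
    UNMANAGED = "unmanaged"
    ISOLATED = "isolated"
    SCANNING = "scanning"


class FirstDevice:
    def __init__(self, device_id, preset_instructions):
        self.device_id = device_id
        self.preset_instructions = frozenset(preset_instructions)
        self.state = DeviceState.UNMANAGED
        self.manager_id = None  # second device, learned from a verified request

    def verify_request(self, request):
        """S201: accept only requests carrying a preset management instruction."""
        return request.get("instruction") in self.preset_instructions

    def handle_service_request(self, sender, request):
        """S201 + S202: verify, then register and isolate.

        Returns the registration message to send to the second device,
        or None when the request is rejected.
        """
        if self.state is not DeviceState.UNMANAGED:
            return None  # already being managed; ignore repeated requests
        if not self.verify_request(request):
            return None
        self.manager_id = sender
        self.state = DeviceState.ISOLATED
        return {"type": "register", "device_id": self.device_id}

    def accept_connection(self, peer):
        """While isolated, only the second device may talk to this device."""
        if self.state is DeviceState.ISOLATED:
            return peer == self.manager_id
        return True  # assumption: the text restricts peers only during isolation

    def handle_registration_result(self, sender, message):
        """S203: isolation -> scanning on a registration success message."""
        if self.state is not DeviceState.ISOLATED:
            return False  # out-of-order or replayed message
        if sender != self.manager_id:
            return False  # success message must come from the second device
        if (message.get("type") != "registration_ok"
                or message.get("device_id") != self.device_id):
            return False
        self.state = DeviceState.SCANNING
        return True


if __name__ == "__main__":
    dev = FirstDevice("plc-gw-01", {"INIT_SCAN"})  # constructed identifiers
    print(dev.handle_service_request("mgmt-01", {"instruction": "INIT_SCAN"}))
    print(dev.accept_connection("hmi-07"), dev.state)
    ok = {"type": "registration_ok", "device_id": "plc-gw-01"}
    print(dev.handle_registration_result("mgmt-01", ok), dev.state)
```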
In executing step S102, referring to Fig. 4, as an optional embodiment, executing on the first device the initialization scan operation from the security management module may include the following steps:
S301: Receive the vulnerability scan request from the second device.
After the second device completes the initialization security scan of the first device, it can further perform targeted vulnerability scanning on the first device. To this end, the security management module of the second device sends a vulnerability scan request to the first device, and the first device receives the vulnerability scan request from the second device.
S302: In response to the vulnerability scan request, install the first security detection component on the first device.
The second device stores the first security detection component, which detects the device environment. The second device issues the first security detection component to the first device, and the first device installs it after receiving it.
S303: Request the first security detection component to execute a vulnerability scan of the first device.
After the first security detection component is installed, the first device can start it and request it to execute a vulnerability scan of the first device. The first security detection component is used to extract the environment information of the first device.
S304: Send the result of the vulnerability scan to the second device.
In some optional embodiments, the first security detection component can be installed at various times. In one application scenario, the first security detection component is received from the second device after a scan result indicating that the first device has no security vulnerabilities has been sent to the second device.
To ensure the security of data exchange, after the first security detection component is received from the second device, the authentication key on the first device can also be updated from the second device. The first device and the second device use the authentication key for encrypted communication.
In addition to the embodiment disclosed for step S104, referring to Fig. 5, performing security management on the first device based on the second security component may also include:
S401: Obtain the network environment of the program under test on the first device and perform a security assessment of that network environment to obtain the first assessment value.
The first device is the hardware running environment of the program under test. As an example, the first device may be a computer, a mobile phone, or another computing device. The first device may run an operating system (for example, Windows, Linux, iOS, or Android), and the program under test is an application running on the first device's operating system.
Before vulnerability detection is performed on the program under test, a security assessment of the program's network environment is required. Assessing the security of the network environment ensures that the current environment of the first device meets the conditions for vulnerability detection.
Specifically, the network structure in the current network environment can be obtained and abstracted into a first network model, which refines the information contained in the current network structure. To evaluate the first network model, a network evaluation model can be preset based on information security standards. The first network model is parsed using the preset network evaluation model to obtain a second network model containing multiple evaluation elements. Illustratively, the evaluation elements may include network zone boundaries, protection levels, and so on. The evaluation elements can be configured according to actual needs, and their specific content is not limited here.
Depending on requirements, different weights can be assigned to different evaluation elements, so a weighted evaluation model can be set up in a fourth device (for example, a server). When the network structure in the current network environment is evaluated, the weighted evaluation model for the current time is obtained from the fourth device, and the second network model is weighted using that model to obtain the first processing result.
In addition, before the network topology information is obtained, the traffic packets captured on the first device within a preset time period can be obtained and parsed to obtain the first parsing result. The first parsing result may include the traffic data in the packets that is relevant to network security. Based on the first parsing result, behavioral feature analysis is performed on the traffic packets to obtain the first analysis result, which covers content such as whether the traffic contains network threat information. Based on the first analysis result, availability detection is performed on the communication links of the first device to obtain the second processing result.
After the first processing result and the second processing result are obtained, they can be normalized, for example so that the values of both results lie between 0 and 1. The first assessment value is then obtained from the first processing result and the second processing result.
S402: When the first assessment value is greater than the first threshold, trigger the start of the program under test and evaluate its startup process to obtain the second assessment value, which includes the characteristic value of the program under test and the startup parameters of the program under test.
Depending on the operating system of the first device, the program under test can be various types of software; for example, it can be an application under the Windows operating system or an application under the Android operating system. When the first assessment value is detected to be greater than the preset first threshold, the current operating system environment is considered a relatively safe evaluation environment, and vulnerability detection of the program under test can be started.
In one approach, the start of the program under test can be triggered by calling the program under test. While the program under test starts, its input request can be obtained and, based on the input request, the parameter values of the test program corresponding to the program under test can be determined. These parameter values may include the program type of the program under test, the startup input request, and so on.
Based on the parameter values of the test program, the second assessment value is generated; the second assessment value determines the vulnerability detection mode for the program under test.
S403: Search the security sample database of the second device for matching data corresponding to the second assessment value; when matching data exists, perform vulnerability detection on the first device based on the second assessment value.
After the second assessment value is obtained, the vulnerability detection scheme corresponding to it needs to be determined. For this purpose, a second device communicatively connected to the first device is provided. The second device may be a server located in the cloud, and the matching database in the second device stores the latest vulnerability detection schemes for software under test. Besides communicating with the first device, the second device can also communicate with other devices that need to perform vulnerability detection, providing a unified vulnerability detection scheme to more vulnerability detection devices.
When matching data exists in the matching database, vulnerability detection can be performed directly on the first device. Specifically, after the second assessment value is obtained, the corresponding vulnerability test program is called according to the second assessment value to execute the test operation on the program under test. As an example, fuzz testing can be used to perform vulnerability detection on the software under test. For example, when the program under test is a Windows-based application, corresponding first test parameters can be configured for that type of application so that the test program performs vulnerability detection on the program under test according to the configured first test parameters; alternatively, when the program under test is an Android-based application, corresponding second test parameters are automatically configured for the test program based on that type, so that the test program fuzz tests the program under test according to the configured second test parameters. The embodiment of the present invention can therefore configure the test parameters of the test program according to the type of the program under test, so that the test program uses different test parameters to fuzz test different types of programs under test, improving vulnerability processing efficiency.
During testing, the program under test generates log files related to vulnerability detection. From the log files, the abnormal log related to the test operation can be obtained, and the overflow vulnerability of the program under test is determined from the abnormal log.
In addition, the buffer corresponding to the abnormal vulnerability can be located, and the vulnerability IA of the program under test can be determined based on that buffer.
When no matching data exists, vulnerability detection must be performed by the third device communicatively connected to the first device. In that case, the file parsing engine in the third device parses the files of the program under test to generate the second parsing result, which includes the source code and binary file information of the program under test.
From the second parsing result, the features of the program under test can be extracted. The preset vulnerability pattern-matching rules are then applied to the second parsing result, and the vulnerability of the program under test (the first vulnerability) is determined based on the matching similarity.
Because the first vulnerability is obtained by similarity matching, the accuracy of the match needs to be verified. Specifically, the vulnerability location and vulnerability type of the first vulnerability can be looked up, malformed test data corresponding to that location and type is constructed and injected into the program under test, and the program's response data to the malformed test data is used to judge whether the first vulnerability is a real vulnerability of the program under test.
In a specific implementation according to an embodiment of the present invention, performing a security assessment of the network environment to obtain the first assessment value may include the following steps:
S2201: Obtain the network structure in the network environment and abstract the network structure into a first network model.
Network topology generation serves as the front-end input to network simulation; it is an important part of network simulation and an important factor determining the authenticity and reliability of the simulation. The network structure in which the first device sits differs with the network environment. The BRITE or Inet topology generator can be used to generate a simulated network topology based on a network model, and the generated topology data is used to study the network conditions and protocol performance in the first device's network structure.
After the network structure is extracted, it can be abstracted into any one of a random model, a hierarchical model, or a power-law model.
S2202: Parse the first network model using the preset network evaluation model to obtain a second network model containing multiple evaluation elements.
To evaluate the first network model, a network evaluation model can be preset based on information security standards. The first network model is parsed using the preset network evaluation model to obtain a second network model containing multiple evaluation elements. Illustratively, the evaluation elements may include network zone boundaries, protection levels, and so on. The evaluation elements can be configured according to actual needs, and their specific content is not limited here.
S2203: Obtain the weighted evaluation model for the current time from the fourth device, and weight the second network model using that model to obtain the first processing result.
Depending on requirements, different weights can be assigned to different evaluation elements, so a weighted evaluation model can be set up in a fourth device (for example, a server). When the network structure in the current network environment is evaluated, the weighted evaluation model for the current time is obtained from the fourth device, and the second network model is weighted using that model to obtain the first processing result.
In addition to the security assessment of the network structure, in a specific implementation according to an embodiment of the present invention, performing a security assessment of the network environment to obtain the first assessment value may also include:
S3301: Obtain the traffic packets captured on the first device within a preset time period and parse them to obtain the first parsing result.
Packet capture at the network's lower layers can be implemented in several ways, for example by using the broadcast nature of Ethernet, or by configuring a monitoring port on a router.
After the traffic packets are obtained, they need to be parsed because they contain a large amount of data unrelated to vulnerability analysis; the data relevant to vulnerability detection is selected to form the first parsing result.
S3302: Based on the first parsing result, perform behavioral feature analysis on the traffic packets to obtain the first analysis result.
The content of the first parsing result is inspected and abnormal behavior traffic is extracted from it. Abnormal traffic detection uses behavioral feature analysis to detect malicious code such as industrial Trojans in the simulation platform and records threat information, including attack time, attack source IP, attack destination IP, application-layer protocol, network-layer protocol, and similar information, which ultimately forms the first analysis result.
S3303: Based on the first analysis result, perform availability detection on the communication links of the first device to obtain the second processing result.
According to the first analysis result, a destination node matching the first analysis result is selected. By establishing a communication connection between the first device and the preset destination node, the availability of communication between the first device and the destination node can be tested, and the second processing result is obtained from that availability information.
S3304: Obtain the first assessment value from the first processing result and the second processing result.
After the first processing result and the second processing result are obtained, they can be normalized, for example so that the values of both results lie between 0 and 1. The first assessment value is then obtained from the first processing result and the second processing result.
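The scoring path described for S401 and again in S2203, S3303 and S3304, together with the threshold gate of S402, can be worked through in code. This is an added example, not the patent's implementation: the element names, weights, probe results and threshold are constructed, and taking the mean of the two normalized results is an assumption, since the text does not say how they are combined.

```python
"""Added example: first assessment value (S2203, S3303, S3304) and the S402 gate."""
from typing import Mapping, Sequence


def weighted_structure_score(elements: Mapping[str, float],
                             weights: Mapping[str, float]) -> float:
    """First processing result: weighted mean of evaluation-element scores."""
    missing = sorted(set(elements) - set(weights))
    if missing:
        raise KeyError(f"no weight for evaluation elements: {missing}")
    for name, score in elements.items():
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"score for {name!r} must lie in [0, 1]")
        if weights[name] < 0:
            raise ValueError(f"weight for {name!r} must not be negative")
    total = sum(weights[name] for name in elements)
    if total <= 0:
        raise ValueError("weights must sum to a positive number")
    return sum(weights[n] * elements[n] for n in elements) / total


def link_availability(probes: Sequence[bool]) -> float:
    """Second processing result: share of destination nodes that were reachable."""
    if not probes:
        return 0.0  # nothing could be tested, so claim no availability
    return sum(1 for ok in probes if ok) / len(probes)


def normalize(value: float) -> float:
    """Clamp a processing result into [0, 1]."""
    return max(0.0, min(1.0, value))


def first_assessment_value(first_result: float, second_result: float) -> float:
    """Assumed combination: mean of the two normalized processing results."""
    return (normalize(first_result) + normalize(second_result)) / 2.0


def may_start_program_under_test(assessment: float, threshold: float) -> bool:
    """S402: start only when the value is strictly greater than the threshold."""
    return assessment > threshold


# Constructed inputs: element scores from the second network model,
# weights as they might be fetched from the fourth device, link probe results.
ELEMENTS = {"zone_boundary": 0.8, "protection_level": 0.6}
WEIGHTS = {"zone_boundary": 3.0, "protection_level": 1.0}
PROBES = [True, True, False, True]
FIRST_THRESHOLD = 0.7

if __name__ == "__main__":
    first = weighted_structure_score(ELEMENTS, WEIGHTS)
    second = link_availability(PROBES)
    value = first_assessment_value(first, second)
    print(first, second, value, may_start_program_under_test(value, FIRST_THRESHOLD))
```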
The second assessment value can be obtained in various ways. In a specific implementation according to an embodiment of the present invention, triggering the start of the program under test and evaluating its startup process to obtain the second assessment value includes:
S4401: While the program under test starts, obtain the input request of the program under test.
The input request of the program under test is the input the program needs when it starts. Obtaining the input request reveals the specific requirements of the program under test.
S4402: Based on the input request, determine the parameter values of the test program corresponding to the program under test.
The test program is the vulnerability detection software matched to the program under test. Before the test program runs its tests, its parameter values need to be configured; with these parameter values, the test program can perform type-specific detection on the program under test.
S4403: Generate the second assessment value based on the parameter values of the test program.
Based on the parameter values of the test program, the second assessment value is generated; the second assessment value determines the vulnerability detection mode for the program under test.
After the second assessment value is obtained, the test is configured according to the second assessment value and the test program is called to execute the test operation on the program under test. During testing, the abnormal log related to the test operation can be obtained, and the overflow vulnerability of the program under test is determined from the abnormal log.
As one embodiment, the first device, the second device and the third device may each be the electronic device shown in Fig. 6. Fig. 6 shows a structural schematic diagram of an electronic device 60 suitable for implementing the embodiments of the present disclosure. The electronic device in the embodiments of the present disclosure may include, but is not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable media players) and vehicle-mounted terminals (such as vehicle navigation terminals), and fixed terminals such as digital TVs and desktop computers. The electronic device shown in Fig. 6 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present disclosure.
As shown in Fig. 6, the electronic device 60 may include a processing unit (such as a central processing unit or a graphics processor) 601, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 602 or a program loaded from storage device 608 into random access memory (RAM) 603. RAM 603 also stores the various programs and data needed for the operation of the electronic device 60. The processing unit 601, ROM 602 and RAM 603 are connected to one another by bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
In general, the following devices can be connected to the I/O interface 605: input devices 606 such as a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer and gyroscope; output devices 607 such as a liquid crystal display (LCD), loudspeaker and vibrator; storage devices 608 such as magnetic tape and hard disk; and a communication device 609. The communication device 609 allows the electronic device 60 to communicate with other devices, wirelessly or by wire, to exchange data. Although the figure shows an electronic device 60 with various devices, it should be understood that not all of the devices shown are required to be implemented or present; more or fewer devices may alternatively be implemented or present.
In particular, according to embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, an embodiment of the present disclosure includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication device 609, installed from the storage device 608, or installed from ROM 602. When the computer program is executed by the processing unit 601, the functions defined in the methods of the embodiments of the present disclosure are performed.
It should be noted that the computer-readable medium of the present disclosure may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of these. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of these. In the present disclosure, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by, or in connection with, an instruction execution system, apparatus or device. In the present disclosure, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal can take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of these. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on the computer-readable medium can be transmitted over any suitable medium, including but not limited to: electric wire, optical cable, RF (radio frequency), or any suitable combination of these.
The computer-readable medium may be included in the electronic device described above, or it may exist separately without being assembled into the electronic device.
The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: obtain at least two internet protocol addresses; send to a node evaluation device a node evaluation request that includes the at least two internet protocol addresses, wherein the node evaluation device selects an internet protocol address from the at least two internet protocol addresses and returns it; and receive the internet protocol address returned by the node evaluation device; wherein the obtained internet protocol addresses indicate edge nodes in a content distribution network.
Alternatively, the computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receive a node evaluation request that includes at least two internet protocol addresses; select an internet protocol address from the at least two internet protocol addresses; and return the selected internet protocol address; wherein the received internet protocol addresses indicate edge nodes in a content distribution network.
Computer program code for executing the operations of the present disclosure can be written in one or more programming languages or a combination of them, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code can execute entirely on the user's computer, partly on the user's computer, as an independent software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or wide area network (WAN), or it can be connected to an external computer (for example, through the internet using an internet service provider).
The flowcharts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each box in a flowchart or block diagram may represent a module, program segment or portion of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present disclosure can be implemented in software or in hardware. The name of a unit does not, under certain conditions, constitute a limitation on the unit itself; for example, the first acquiring unit may also be described as "the unit that obtains at least two internet protocol addresses".
It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by those familiar with the art, all answers It is included within the scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.

Claims (10)

1. An industrial control network safety detection system, characterized by comprising:
First equipment, the first equipment being provided with a secure communication module and a scan module, the secure communication module being connected to second equipment and third equipment through a communication network;
Second equipment, the second equipment being provided with a safety management module, the safety management module sending a remote security management service request to the first equipment;
The scan module, based on the remote security management service request, executes on the first equipment an initialization scan operation from the safety management module and, after the initialization scan is completed, installs a first safety detection component, the first safety detection component being used to extract the environmental information of the first equipment;
The secure communication module sends the environmental information of the first equipment to the third equipment communicatively connected to the first equipment, the third equipment being provided with a customization safety device relevant to safety management and a matching module, the matching module matching a second security component to the first equipment based on the environmental information;
The second security component distributed from the third equipment is received and installed on the first equipment, the second security component being a set of one or more customization security modules selected by the third equipment from the customization safety device based on the environmental information of the first equipment; after the second security component is installed successfully, safety management is executed on the first equipment based on the second security component.
2. The system according to claim 1, characterized in that the second equipment further comprises:
A rule module, which issues security scan rules to the scan module before the scan module executes the initialization scan on the first equipment;
A safe sample database, which performs data matching on the file features extracted by the scan module on the first equipment, and distributes the first safety detection component to the first equipment based on the result of the data matching.
3. The system according to claim 1, characterized in that the first equipment further comprises:
A secure verification module, for carrying out security verification on the remote security management service request of the second equipment;
A registration module, for starting, after the security verification passes, registration of the first equipment with the second equipment and setting the first equipment to an isolation state, and, after receiving a registration success message from the second equipment, switching the first equipment from the isolation state to a scanning state.
4. The system according to claim 1, characterized in that the scan module is further configured to:
Receive a vulnerability scanning request from the second equipment;
In response to the vulnerability scanning request, install the first safety detection component on the first equipment;
Request the first safety detection component to execute a vulnerability scan of the first equipment;
Send the result of the vulnerability scan to the second equipment through the secure communication module.
5. The system according to claim 4, characterized in that the secure communication module is further configured to:
After a scanning result indicating that no security vulnerabilities exist in the first equipment is sent to the second equipment, receive the first safety detection component from the second equipment.
6. The system according to claim 5, characterized in that the secure verification module is further configured to:
After the first safety detection component is received from the second equipment, receive the authentication key sent by the second equipment to the first equipment.
7. The system according to claim 1, characterized in that the second security component is further configured to:
Obtain the network environment in which the first equipment is located, carry out a safety evaluation of the network environment, and obtain a first assessed value.
8. The system according to claim 7, characterized in that the second security component is further configured to:
Where the first assessed value is greater than a first threshold, obtain the program to be measured in the first equipment, trigger the starting of the program to be measured, and assess the start-up process of the program to be measured to obtain a second assessed value, the second assessed value including the characteristic value of the program to be measured and the start-up parameters of the program to be measured.
9. The system according to claim 8, characterized in that the second security component is further configured to:
Search the safe sample database of the second equipment for matched data corresponding to the second assessed value and, when matched data exists, carry out vulnerability detection in the first equipment based on the second assessed value.
10. The system according to claim 1, characterized in that the secure verification module is further configured to:
Obtain the communication log of the first equipment and the second equipment;
Based on the communication log, determine the security key between the first equipment and the second equipment;
Based on the security key, receive the safety certification request sent by the safety management module of the second equipment.
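The ordering that claims 1 and 3 impose on the first equipment (verified request, isolation during registration, scanning, then installation of the matched second security component) can be modelled as a small state machine that refuses out-of-order steps. This is an added illustration, not code from the patent; the class and function names, the boolean verification result and the module catalogue are assumptions.

```python
from enum import Enum

# Claim 3 gives ISOLATED and SCANNING; MANAGED follows claim 1's install step.
State = Enum("State", "UNVERIFIED ISOLATED SCANNING MANAGED")

# Constructed catalogue standing in for the third equipment's customization
# safety device; module names and environment keys are assumptions.
CATALOGUE = {"modbus-guard": {"protocol": "modbus"},
             "linux-audit": {"os": "linux"},
             "win-hardening": {"os": "windows"}}

def match_modules(env, catalogue=CATALOGUE):
    """Matching module: select every module whose requirements the env meets."""
    return sorted(name for name, need in catalogue.items()
                  if all(env.get(k) == v for k, v in need.items()))

class FirstEquipment:
    def __init__(self, env):
        self.env, self.state, self.components = env, State.UNVERIFIED, []

    def _step(self, expected, new_state):
        # Fail closed: an out-of-order call raises and leaves the state unchanged.
        if self.state is not expected:
            raise RuntimeError(f"in {self.state.name}, need {expected.name}")
        self.state = new_state

    def accept_request(self, verified):
        if not verified:  # result of the secure verification module (assumed bool)
            raise PermissionError("management request failed verification")
        self._step(State.UNVERIFIED, State.ISOLATED)

    def registration_succeeded(self):
        self._step(State.ISOLATED, State.SCANNING)

    def initialization_scan(self):
        self._step(State.SCANNING, State.SCANNING)
        self.components.append("first-safety-detection-component")
        return dict(self.env)  # environmental information for the third equipment

    def install_second_component(self, modules):
        self._step(State.SCANNING, State.MANAGED)
        self.components.extend(modules)

def onboard(env):
    dev = FirstEquipment(env)
    dev.accept_request(verified=True)
    dev.registration_succeeded()
    dev.install_second_component(match_modules(dev.initialization_scan()))
    return dev
```

Calling `onboard({"os": "linux", "protocol": "modbus"})` walks the full sequence; calling `initialization_scan()` on a freshly constructed `FirstEquipment` raises, which is the property the isolation state is meant to enforce.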
CN201910186014.XA 2019-03-12 2019-03-12 Industrial control network safety detection system Active CN109714371B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910186014.XA CN109714371B (en) 2019-03-12 2019-03-12 Industrial control network safety detection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910186014.XA CN109714371B (en) 2019-03-12 2019-03-12 Industrial control network safety detection system

Publications (2)

Publication Number Publication Date
CN109714371A true CN109714371A (en) 2019-05-03
CN109714371B CN109714371B (en) 2021-07-09

Family

ID=66265779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910186014.XA Active CN109714371B (en) 2019-03-12 2019-03-12 Industrial control network safety detection system

Country Status (1)

Country Link
CN (1) CN109714371B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065552A (en) * 2022-07-27 2022-09-16 北京六方云信息技术有限公司 Industrial communication protection method, device, terminal equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104268476A (en) * 2014-09-30 2015-01-07 北京奇虎科技有限公司 Application running method
CN106230837A (en) * 2016-08-04 2016-12-14 湖南傻蛋科技有限公司 A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device
US20170286689A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Detecting vulnerabilities in managed client devices
CN107273751A (en) * 2017-06-21 2017-10-20 北京计算机技术及应用研究所 Security breaches based on multi-mode matching find method online
CN109040119A (en) * 2018-09-11 2018-12-18 腾讯科技(深圳)有限公司 A kind of leak detection method and device of intelligent building network
CN109218336A (en) * 2018-11-16 2019-01-15 北京知道创宇信息技术有限公司 Loophole defence method and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104268476A (en) * 2014-09-30 2015-01-07 北京奇虎科技有限公司 Application running method
US20170286689A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Detecting vulnerabilities in managed client devices
CN106230837A (en) * 2016-08-04 2016-12-14 湖南傻蛋科技有限公司 A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device
CN107273751A (en) * 2017-06-21 2017-10-20 北京计算机技术及应用研究所 Security breaches based on multi-mode matching find method online
CN109040119A (en) * 2018-09-11 2018-12-18 腾讯科技(深圳)有限公司 A kind of leak detection method and device of intelligent building network
CN109218336A (en) * 2018-11-16 2019-01-15 北京知道创宇信息技术有限公司 Loophole defence method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065552A (en) * 2022-07-27 2022-09-16 北京六方云信息技术有限公司 Industrial communication protection method, device, terminal equipment and storage medium
CN115065552B (en) * 2022-07-27 2023-01-10 北京六方云信息技术有限公司 Industrial communication protection method, device, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN109714371B (en) 2021-07-09

Similar Documents

Publication Publication Date Title
CN107317730B (en) Method, equipment and system for monitoring state of block chain node
Malik et al. CREDROID: Android malware detection by network traffic analysis
EP2595423B1 (en) Application security evaluation system and method
KR101143999B1 (en) Apparatus and method for analyzing application based on application programming interface
US9143509B2 (en) Granular assessment of device state
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
CN103890770A (en) System and method for whitelisting applications in a mobile network environment
CN102082802A (en) Behavior-based mobile terminal security protection system and method
CN103716785A (en) Mobile Internet security service system
CN113704767A (en) Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system
CN109818972A (en) A kind of industrial control system information security management method, device and electronic equipment
Khaled et al. Assessing the severity of smart attacks in industrial cyber-physical systems
CN113239397A (en) Information access method, device, computer equipment and medium
Chen et al. Detection, traceability, and propagation of mobile malware threats
Yuan et al. Smartpatch: Verifying the authenticity of the trigger-event in the IoT platform
CN110099041A (en) A kind of Internet of Things means of defence and equipment, system
KR101657667B1 (en) Malicious app categorization apparatus and malicious app categorization method
CN105933300A (en) Safety management method and device
CN109714371A (en) A kind of industry control network safety detecting system
CN109933990A (en) Security breaches discovery method, apparatus and electronic equipment based on multi-mode matching
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
KR101382549B1 (en) Method for pre-qualificating social network service contents in mobile environment
CN106452753B (en) Method for constructing terminal trusted platform in cloud computing environment
Dimitriadis et al. Malevolent app pairs: an android permission overpassing scheme
CN115170355A (en) Evidence obtaining data credibility verification method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant