CN110399718A - Remote penetration evidence obtaining method for industrial control system - Google Patents

Remote penetration evidence obtaining method for industrial control system

Info

Publication number: CN110399718A
Application number: CN201910482385.2A
Authority: CN (China)
Legal status: Granted (active)
Prior art keywords: controlled terminal, long, file, control system, industrial control
Other languages: Chinese (zh)
Other versions: CN110399718B (en)
Inventors: 王佰玲, 孙公亮, 冯艳丽, 刘扬, 辛国栋, 魏玉良
Current assignee: Harbin University Of Technology (weihai) Innovation Pioneer Park Co Ltd; Harbin Institute of Technology Weihai
Original assignee: Harbin University Of Technology (weihai) Innovation Pioneer Park Co Ltd; Harbin Institute of Technology Weihai
Priority date: 2019-06-04
Filing date: 2019-06-04
Publication date: 2019-11-01 (CN110399718A); 2023-01-20 (CN110399718B, grant)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method of remote penetration forensics for industrial control systems, comprising the following steps: (1) local privilege escalation; (2) privilege persistence; (3) information collection; (4) local vulnerability scanning; (5) remote scanning and exploitation. The disclosed method can carry out intranet penetration testing of the target network and target hosts from inside the target industrial-control intranet, from the viewpoint of a penetration tester. It provides a reference for industrial-control security protection and a professional tool for industrial-control security assessment, and is of great significance to industrial-control security assessment, forensics and protection.

Description

Remote penetration evidence obtaining method for industrial control system
Technical field
The present invention relates to a security assessment method for industrial intranets, and in particular to a method of remote penetration forensics for industrial control systems.
Background technique
With the continuous development of heavy industry, the security of industrial control systems (ICS) has become a focus of public attention. Today industrial control systems, as industrial infrastructure, face serious security threats. For example, industrial enterprises that do not install patches, hosts without antivirus software, and continued use of the Windows XP system that Microsoft no longer maintains all leave industrial control hosts with large numbers of remote privilege escalation and code execution vulnerabilities, so that attackers and unauthorized persons can easily damage the industrial control system.
The tools currently used for security assessment of industrial intranets fall mainly into the following four classes:
(1) Vulnerability scanning tools: such tools are mainly positioned for security scanning and assessment of industrial devices and hosts. They detect security problems at the device layer, network layer and application layer, such as weak-password vulnerabilities, remote bypass vulnerabilities and remote privilege escalation vulnerabilities, and the scan results provide a vulnerability report for the security administrator. The usage scenario of such tools is rather limited: at present they can only scan a given node or group of nodes, and cannot enter a node to scan the other nodes connected to it.
(2) Information probing tools: mainly used to probe specified industrial-intranet devices. They probe a given node or group of nodes and obtain its related information and data, such as version, DB area, register contents and the contents of specified addresses.
(3) Situational awareness tools: mainly used to probe industrial control devices across the whole network and obtain the data of all industrial-control nodes, including device name, device number, version, register contents or the contents of specified addresses.
(4) Vulnerability mining tools: mainly used to carry out vulnerability discovery against a given industrial control device IP address. Using fuzz testing and remote monitoring, they send large numbers of malformed messages to the target to overflow its buffers and so discover security vulnerabilities.
All four classes of tool have certain limitations in application and run unstably, which easily causes paralysis or crash of the production system.
Summary of the invention
In order to solve the above technical problems, the present invention provides a method of remote penetration forensics for industrial control systems, with the aim of avoiding paralysis or crash of the production system and ensuring system stability during the testing process.
In order to achieve the above objective, the technical scheme of the present invention is as follows:
A method of remote penetration forensics for industrial control systems, comprising the following steps:
(1) local privilege escalation;
(2) privilege persistence;
(3) information collection;
(4) local vulnerability scanning;
(5) remote scanning and exploitation.
In the above scheme, the specific method of step (1) is as follows: the administrator operates the control terminal, and the control terminal connects to the controlled terminal through the server. After the controlled terminal comes online it is authenticated; after authentication passes, local privilege escalation begins. Using the multiple built-in privilege escalation exploit methods, a usable escalation is sought one at a time and privileges are raised to SYSTEM; if SYSTEM privileges cannot be obtained, a UAC bypass step is executed to achieve the escalation.
In the above scheme, in step (2), if local privilege escalation fails, escalation is attempted by infecting shortcuts, specifically comprising the following steps:
1) infect commonly used lnk files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
2) infect commonly used chm files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
3) infect commonly used bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
4) scan the dll files on disk for DLL hijacking vulnerabilities, and set the service launcher so that its start target is this program;
5) scan html files and insert script code so that they run this controlled-terminal program;
6) scan js files and insert script code so that they run this controlled-terminal program;
7) scan bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
8) scan powershell files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
9) add a rundll startup file whose start target is this controlled-terminal program;
10) add a scheduled task whose start target is this controlled-terminal program;
11) create a service whose start target is this controlled-terminal program;
12) add the startup file to the registry startup items.
During the above privilege persistence, any step that fails is skipped and execution continues. The replacement process uses a multi-level linking approach.
In the above scheme, the specific method of the information collection in step (3) is as follows:
1) enumerate processes and obtain the information of each process;
2) enumerate services and obtain the information of each service;
3) enumerate installed software and obtain the installation information of each program;
4) obtain network socket information (including local listeners and remote connections);
5) obtain information about the local antivirus software;
6) obtain the stored login passwords of various software (such as the Chrome browser, Firefox browser, XShell, IE browser, remote desktop credentials, etc.);
7) obtain information about the configuration software.
In the above scheme, the local vulnerability scanning of step (4) consists of checking for local privilege escalation vulnerabilities and weak points.
In the above scheme, the remote scanning process of step (5) is as follows:
1) scan for live hosts on the intranet;
2) carry out port scanning and service detection against the live intranet hosts;
3) use the common remote attack vulnerabilities (overflows) of the past 5 years to execute commands remotely, bringing the host online directly;
4) if remote exploitation fails, attempt weak-password exploitation, trying empty passwords through IPC$ shares, Active Directory and shared printers;
5) if the empty-password attempts fail, consult the administrator; with weak-password scanning, the common intranet services can be scanned further, the services including FTP, TELNET and SSH.
In a further technical scheme, the controlled terminal can come online in two ways: direct connection and connection through a proxy. When the control terminal issues a task to a controlled node, the control terminal first uploads the command to the server, and the server stores it in the task queue of the specified node; when the controlled terminal polls the server at its regular interval, it reads the task queue, executes the command and then closes the socket.
Through the above technical scheme, the method of remote penetration forensics for industrial control systems provided by the present invention has the following beneficial effects:
The industrial-intranet security penetration assessment and forensics method proposed by the present invention can carry out intranet penetration testing of the target network and target hosts from inside the target industrial-control intranet, from the viewpoint of a penetration tester. It performs security penetration assessment and forensics on each node (Windows machine) in the industrial control system. It can simulate a hacker at the boundary or an unauthorized person penetrating from the outside, provide the administrator with a dynamic reference, and provide an early-warning mechanism for enterprise security. It is of great significance to industrial-control security assessment, forensics and protection. It is applicable to all kinds of industrial-control intranets and industrial control equipment systems, in fields including but not limited to electric power, petroleum and petrochemicals, tobacco, and coal mining.
At the same time, this system starts from the stability of the industrial control system, avoiding paralysis or crash of the production system and ensuring system stability during the testing process. It provides a reference for industrial-control security protection and a professional tool for industrial-control security assessment.
Detailed description of the invention
In order to explain the embodiments of the invention or the technical proposals of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly described below.
Fig. 1 is a schematic flow diagram of the method of remote penetration forensics for industrial control systems disclosed in the embodiment of the present invention;
Fig. 2 is a schematic diagram of the controlled-terminal check-in process disclosed in the embodiment of the present invention;
Fig. 3 is a schematic diagram of the communication process between the server and the controlled terminal disclosed in the embodiment of the present invention;
Fig. 4 is the network structure of this method.
Specific embodiment
The technical solution in the embodiment of the present invention is described clearly and completely below with reference to the drawings in the embodiment.
The present invention provides a method of remote penetration forensics for industrial control systems. As shown in Fig. 1, the method carries out intranet penetration testing of the target network and target hosts from the viewpoint of a remote penetration tester.
As shown in Fig. 1, the method comprises the following steps:
One, local privilege escalation
This method meets the requirements of sufficiency of information acquisition, flexibility of penetration assessment and accuracy of key vulnerability checks. The method first requires the controlled program to be installed on an edge node of the industrial control system; installation methods include remote exploitation, running from a USB flash drive, running from an e-mail, and so on. After the controlled program runs, it escalates privileges and implants itself into the host system so that it starts with the system.
The system is divided into three parts: the control terminal, the server and the controlled terminal. The administrator operates the cluster of controlled terminals from the control terminal; the server runs on a Linux server and is responsible for establishing connections with the cluster of controlled terminals. The controlled-terminal program (script) runs on Windows terminals or Linux terminals/servers, communicates with the server and executes the commands issued by the server. The network structure is shown in Fig. 4.
The administrator operates the control terminal, which connects to the server over TCP with DES encryption. The server then generates the controlled-terminal script file (for Windows, a BAT, PS, CMD or EXE file can optionally be generated; for Linux, a Python script file; for BSD and macOS, a Python script file). The generated controlled-terminal file is run on the target machine by means such as a USB flash drive or e-mail, and after running, the controlled-terminal program executes the following:
It connects to the server over HTTPS, authenticates by password, and reads and executes the task list: if there are tasks, it executes them and uploads the results, then closes the socket; if there are no tasks, it closes the socket directly. The main communication between the server and the controlled terminal is shown in Fig. 3.
The controlled terminal can come online in two ways: direct connection (the server connects to the controlled-terminal program over HTTPS) and proxied connection (the server connects to the controlled-terminal program through an HTTPS proxy). The server itself maintains the information of all controlled terminals, including socket, task list, key, fingerprint and so on. When the control terminal issues a task to a controlled node, the control terminal first uploads the command to the server, and the server stores it in the task queue of the specified node. When the controlled terminal polls the server at its regular interval, it reads the task queue and executes the commands, then closes the socket. The process is shown in Fig. 2.
After authentication with the server passes, the local privilege escalation check starts. Using the multiple built-in privilege escalation exploit methods, a usable escalation is sought one at a time and privileges are raised to SYSTEM; if SYSTEM privileges cannot be obtained, a UAC bypass step is executed to achieve the escalation.
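The check-in loop described above (the controlled terminal polls the server over HTTPS at a fixed interval, reads the task queue, then closes the socket) leaves a recognisable trace on the defender's side: a stream of short connections to one destination with nearly constant spacing. The following Python script is an added example, not code from the patent; it scores that periodicity over a constructed proxy/firewall log, and the log format, thresholds and addresses are this example's own assumptions.

```python
"""Periodic check-in (beacon) detector over a constructed connection log.

Added example, not code from the patent. It assumes a proxy/firewall log
with lines of the form '<ISO timestamp> <src ip> -> <dst ip>:<port> <bytes>'
(a constructed format); field names and thresholds are this example's own.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.5.21 checks in every ~60 s with one-second jitter,
# while 10.0.5.40 makes irregular connections to an unrelated site.
SAMPLE_LOG = """\
2024-03-01T08:00:00 10.0.5.21 -> 203.0.113.9:443 712
2024-03-01T08:00:03 10.0.5.40 -> 198.51.100.7:443 15320
2024-03-01T08:01:01 10.0.5.21 -> 203.0.113.9:443 708
2024-03-01T08:01:47 10.0.5.40 -> 198.51.100.7:443 9920
2024-03-01T08:02:00 10.0.5.21 -> 203.0.113.9:443 715
2024-03-01T08:03:01 10.0.5.21 -> 203.0.113.9:443 709
2024-03-01T08:03:05 10.0.5.40 -> 198.51.100.7:443 40110
2024-03-01T08:04:00 10.0.5.21 -> 203.0.113.9:443 711
2024-03-01T08:05:01 10.0.5.21 -> 203.0.113.9:443 714
2024-03-01T08:09:30 10.0.5.40 -> 198.51.100.7:443 2210
2024-03-01T08:21:12 10.0.5.40 -> 198.51.100.7:443 1880
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, bytes)."""
    ts, src, _arrow, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(log_text, min_connections=5, max_cv=0.05):
    """Return {(src, dst): (mean_interval_seconds, cv)} for source/destination
    pairs whose gaps between connections are almost constant.

    cv is the coefficient of variation (population std dev / mean) of the
    inter-connection gaps; a value near zero means a fixed polling interval.
    Pairs with fewer than min_connections events are ignored as too few to judge.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_line(line)
        times[(src, dst)].append(ts)

    hits = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:          # all events at the same instant: not a poll loop
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[pair] = (avg, cv)
    return hits


if __name__ == "__main__":
    for (src, dst), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: mean gap {avg:.1f}s, cv {cv:.3f}")
```

A coefficient of variation near zero on five or more connections is the signal. Randomised check-in intervals raise the ratio, so in practice the threshold is tuned per network and combined with other signals, such as the near-constant request sizes visible in the sample.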
Two, privilege persistence
If local privilege escalation fails, escalation is attempted by infecting shortcuts, specifically comprising the following steps:
1) infect commonly used lnk files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
2) infect commonly used chm files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
3) infect commonly used bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
4) scan the dll files on disk for DLL hijacking vulnerabilities, and set the service launcher so that its start target is this program;
5) scan html files and insert script code so that they run this controlled-terminal program;
6) scan js files and insert script code so that they run this controlled-terminal program;
7) scan bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
8) scan powershell files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
9) add a rundll startup file whose start target is this controlled-terminal program;
10) add a scheduled task whose start target is this controlled-terminal program;
11) create a service whose start target is this controlled-terminal program;
12) add the startup file to the registry startup items.
During the above privilege persistence, any step that fails is skipped and execution continues. The replacement process uses a multi-level linking approach.
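Every item in the list above redirects an existing start-up point (shortcut, DLL search order, scheduled task, service, rundll entry, registry startup item) to the same controlled-terminal program. An audit that collects autostart entries and asks which targets are reached from several independent mechanisms, or live outside trusted program directories, catches exactly that pattern. The Python script below is an added example, not code from the patent: the inventory tuples, the allow-listed directories and the path normalisation are its own assumptions, and a real audit would feed it entries exported from Autoruns or PowerShell in the same shape.

```python
"""Autostart cross-source audit over a constructed inventory of startup entries.

Added example, not code from the patent. The inventory shape
(source kind, entry name, command line), the trusted-directory allow-list
and the normalisation rules are this example's own assumptions.
"""
import ntpath  # Windows path semantics, usable on any OS
import re
from collections import defaultdict

# Constructed inventory: one payload is registered through a Run key, a
# scheduled task, a service and a rundll32 entry, and a desktop shortcut
# to Notepad has been redirected to a batch launcher. Two entries are benign.
INVENTORY = [
    ("run_key",    "OneDriveSync",   r'"C:\Users\op\AppData\Roaming\svc\agent.exe" -q'),
    ("sched_task", "SyncTask",       r'C:\Users\op\AppData\Roaming\svc\agent.exe -q'),
    ("service",    "UpdSvc",         r'C:\Users\op\AppData\Roaming\svc\agent.exe'),
    ("rundll32",   "StartupDll",     r'rundll32.exe C:\Users\op\AppData\Roaming\svc\agent.dll,Run'),
    ("shortcut",   "Notepad.lnk",    r'C:\Users\op\Desktop\notepad.bat'),
    ("run_key",    "SecurityHealth", r'C:\Windows\System32\SecurityHealthSystray.exe'),
    ("service",    "Spooler",        r'C:\Windows\System32\spoolsv.exe'),
]

# Assumed allow-list; lowercase because targets are normalised to lowercase.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\program files (x86)")
# Extensions a user-facing shortcut would not normally point at.
LAUNCHER_EXTS = {".bat", ".cmd", ".ps1", ".js", ".vbs", ".hta"}


def normalize_target(cmdline):
    """Return the lowercase path of the program an autostart entry really starts."""
    s = cmdline.strip()
    m = re.match(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)', s, re.I)
    if m:                       # rundll32 wrapper: the loaded DLL is the real target
        return m.group(1).strip().lower()
    if s.startswith('"'):       # quoted path, possibly followed by arguments
        return s[1:s.index('"', 1)].lower()
    # Unquoted: treat the first token as the executable. Unquoted paths with
    # spaces are split here; a production audit would resolve them as the
    # Windows loader does.
    return s.split()[0].lower()


def audit(inventory):
    """Return a list of (source, name, target, reason) findings."""
    by_target = defaultdict(set)
    findings = []
    for source, name, cmd in inventory:
        target = normalize_target(cmd)
        by_target[target].add(source)
        if not target.startswith(TRUSTED_DIRS):
            findings.append((source, name, target, "untrusted directory"))
        _stem, ext = ntpath.splitext(target)
        if source == "shortcut" and ext in LAUNCHER_EXTS:
            findings.append((source, name, target, "shortcut redirected to script launcher"))
    # The persistence step above registers one program through many
    # mechanisms; a target reachable from two or more sources is reported once.
    for target, sources in by_target.items():
        if len(sources) >= 2:
            findings.append(("multi", ",".join(sorted(sources)), target,
                             "same target in %d autostart sources" % len(sources)))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(" | ".join(finding))
```

The multi-source finding is the one to read first: a legitimate product rarely registers the same binary as a service, a scheduled task and a Run key at once, whereas the skip-on-failure loop described above does so by design. The directory check is a coarser filter and needs a per-site allow-list before it is quiet enough to act on.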
Three, information collection
The specific method of information collection is as follows:
1) enumerate processes and obtain the information of each process;
2) enumerate services and obtain the information of each service;
3) enumerate installed software and obtain the installation information of each program;
4) obtain network socket information (including local listeners and remote connections);
5) obtain information about the local antivirus software;
6) obtain the stored login passwords of various software (such as the Chrome browser, Firefox browser, XShell, IE browser, remote desktop credentials, etc.);
7) obtain information about the configuration software.
Four, local vulnerability scanning
The local vulnerability scanning consists of:
1) checking for local privilege escalation vulnerabilities (high risk);
2) checking for local weak points (non-high-risk), including information leakage, weak passwords, remote privilege escalation in popular software, and so on.
Five, remote scanning and exploitation
The remote scanning process is as follows:
1) scan for live hosts on the intranet;
2) carry out port scanning and service detection against the live intranet hosts;
3) use the common remote attack vulnerabilities (overflows) of the past 5 years to execute commands remotely, bringing the host online directly;
4) if remote exploitation fails, attempt weak-password exploitation, trying empty passwords through IPC$ shares, Active Directory and shared printers;
5) if the empty-password attempts fail, consult the administrator; with weak-password scanning, the common intranet services can be scanned further, the services including FTP, TELNET and SSH.
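Seen from the monitored network rather than from the tool, steps 1) to 5) above are a host sweep, a per-host port scan, and a run of authentication failures across several accounts and services that may end in a success. The following Python script is an added example, not the patent's code: it parses a constructed key=value event log and raises one finding per behaviour, and the log format, thresholds and addresses are assumptions made for this example.

```python
"""Internal reconnaissance and credential-guessing detector over a constructed
key=value event log.

Added example, not code from the patent. The event format ('conn' records
from a flow log, 'auth' records from service logs), the thresholds and the
finding labels are this example's own assumptions.
"""
from collections import defaultdict

# Constructed sample: 10.0.5.21 probes six ports on one host, then port 445
# on six hosts, then tries five accounts on four services and finally logs
# in as administrator over SMB. 10.0.5.40 is an operator who mistypes once.
SAMPLE_EVENTS = """\
2024-03-01T09:00:01 conn src=10.0.5.21 dst=10.0.7.3 dport=21
2024-03-01T09:00:01 conn src=10.0.5.21 dst=10.0.7.3 dport=22
2024-03-01T09:00:01 conn src=10.0.5.21 dst=10.0.7.3 dport=23
2024-03-01T09:00:02 conn src=10.0.5.21 dst=10.0.7.3 dport=80
2024-03-01T09:00:02 conn src=10.0.5.21 dst=10.0.7.3 dport=135
2024-03-01T09:00:02 conn src=10.0.5.21 dst=10.0.7.3 dport=445
2024-03-01T09:00:05 conn src=10.0.5.21 dst=10.0.7.4 dport=445
2024-03-01T09:00:05 conn src=10.0.5.21 dst=10.0.7.5 dport=445
2024-03-01T09:00:05 conn src=10.0.5.21 dst=10.0.7.6 dport=445
2024-03-01T09:00:06 conn src=10.0.5.21 dst=10.0.7.7 dport=445
2024-03-01T09:00:06 conn src=10.0.5.21 dst=10.0.7.8 dport=445
2024-03-01T09:02:10 auth src=10.0.5.21 dst=10.0.7.3 svc=ssh user=root result=fail
2024-03-01T09:02:11 auth src=10.0.5.21 dst=10.0.7.3 svc=ssh user=admin result=fail
2024-03-01T09:02:12 auth src=10.0.5.21 dst=10.0.7.3 svc=ftp user=anonymous result=fail
2024-03-01T09:02:13 auth src=10.0.5.21 dst=10.0.7.3 svc=telnet user=operator result=fail
2024-03-01T09:02:14 auth src=10.0.5.21 dst=10.0.7.5 svc=smb user=guest result=fail
2024-03-01T09:02:15 auth src=10.0.5.21 dst=10.0.7.5 svc=smb user=administrator result=success
2024-03-01T09:05:00 conn src=10.0.5.40 dst=10.0.7.3 dport=443
2024-03-01T09:05:30 auth src=10.0.5.40 dst=10.0.7.3 svc=ssh user=op result=fail
2024-03-01T09:05:40 auth src=10.0.5.40 dst=10.0.7.3 svc=ssh user=op result=success
"""


def parse_events(text):
    """Turn '<ts> <kind> k=v k=v ...' lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        rec = {"ts": ts, "kind": kind}
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = value
        events.append(rec)
    return events


def detect(events, port_threshold=5, host_threshold=5, user_threshold=4):
    """Return {src: [finding, ...]} where each finding is a tuple whose first
    element is one of 'portscan', 'sweep', 'spray', 'spray-success'."""
    ports_per_host = defaultdict(set)      # (src, dst)   -> {dport}
    hosts_per_port = defaultdict(set)      # (src, dport) -> {dst}
    failed_users = defaultdict(set)        # src -> {(svc, user)}
    success_after_fail = defaultdict(set)  # src -> {(dst, svc, user)}

    for e in events:
        if e["kind"] == "conn":
            ports_per_host[(e["src"], e["dst"])].add(e["dport"])
            hosts_per_port[(e["src"], e["dport"])].add(e["dst"])
        elif e["kind"] == "auth":
            if e["result"] == "fail":
                failed_users[e["src"]].add((e["svc"], e["user"]))
            elif e["src"] in failed_users:   # a success that follows failures
                success_after_fail[e["src"]].add((e["dst"], e["svc"], e["user"]))

    findings = defaultdict(list)
    for (src, dst), ports in ports_per_host.items():
        if len(ports) >= port_threshold:
            findings[src].append(("portscan", dst, len(ports)))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            findings[src].append(("sweep", dport, len(hosts)))
    for src, users in failed_users.items():
        if len(users) >= user_threshold:
            findings[src].append(("spray", "distinct accounts", len(users)))
            # Only report the success when it sits on top of a spray; a single
            # mistyped password followed by a login is normal operator behaviour.
            for hit in sorted(success_after_fail[src]):
                findings[src].append(("spray-success",) + hit)
    return dict(findings)


if __name__ == "__main__":
    for src, items in detect(parse_events(SAMPLE_EVENTS)).items():
        for item in items:
            print(src, *item)
```

The spray-success finding links a successful login to the failures that preceded it from the same source, which is the event a responder would want to look at first. The thresholds are deliberately low for the sample and should be raised on a busy network.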
In addition, before automatic check-in the administrator must configure the check-in target, which may be the server or the previous hop. Generation of the controlled terminal for a pivot (springboard) machine can be triggered semi-automatically from the server, or completed automatically by the server after remote exploitation succeeds.
The command execution process is implemented by script execution: Windows executes commands with a PowerShell script and Linux with a Python script. For a command transmitted by the server, if the control task contains only commands, the script interpreter function is called to execute them; if the control task includes an executable file such as an EXE, an in-memory loading method is used so that it loads automatically without an additional process. In addition, the operator of the control terminal (the administrator) can carry out privilege persistence on the target after privilege escalation, forensics and assessment, so as to analyze and assess it again in the future.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. A method of remote penetration forensics for industrial control systems, characterized in that it comprises the following steps:
(1) local privilege escalation;
(2) privilege persistence;
(3) information collection;
(4) local vulnerability scanning;
(5) remote scanning and exploitation.
2. The method of remote penetration forensics for industrial control systems according to claim 1, characterized in that the specific method of step (1) is as follows: the administrator operates the control terminal, and the control terminal connects to the controlled terminal through the server; after the controlled terminal comes online it is authenticated, and after authentication passes local privilege escalation begins; using the multiple built-in privilege escalation exploit methods, a usable escalation is sought one at a time and privileges are raised to SYSTEM; if SYSTEM privileges cannot be obtained, a UAC bypass step is executed to achieve the escalation.
3. The method of remote penetration forensics for industrial control systems according to claim 1, characterized in that in step (2), if local privilege escalation fails, escalation is attempted by infecting shortcuts, specifically comprising the following steps:
1) infect commonly used lnk files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
2) infect commonly used chm files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
3) infect commonly used bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
4) scan the dll files on disk for DLL hijacking vulnerabilities, and set the service launcher so that its start target is this program;
5) scan html files and insert script code so that they run this controlled-terminal program;
6) scan js files and insert script code so that they run this controlled-terminal program;
7) scan bat files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
8) scan powershell files, replacing the run target with the controlled-terminal program by a man-in-the-middle approach;
9) add a rundll startup file whose start target is this controlled-terminal program;
10) add a scheduled task whose start target is this controlled-terminal program;
11) create a service whose start target is this controlled-terminal program;
12) add the startup file to the registry startup items;
during the above privilege persistence, any step that fails is skipped and execution continues, and the replacement process uses a multi-level linking approach.
4. The method of remote penetration forensics for industrial control systems according to claim 1, characterized in that the specific method of the information collection in step (3) is as follows:
1) enumerate processes and obtain the information of each process;
2) enumerate services and obtain the information of each service;
3) enumerate installed software and obtain the installation information of each program;
4) obtain network socket information (including local listeners and remote connections);
5) obtain information about the local antivirus software;
6) obtain the stored login passwords of various software (such as the Chrome browser, Firefox browser, XShell, IE browser, remote desktop credentials, etc.);
7) obtain information about the configuration software.
5. The method of remote penetration forensics for industrial control systems according to claim 1, characterized in that the local vulnerability scanning of step (4) consists of checking for local privilege escalation vulnerabilities and weak points.
6. The method of remote penetration forensics for industrial control systems according to claim 1, characterized in that the remote scanning process of step (5) is as follows:
1) scan for live hosts on the intranet;
2) carry out port scanning and service detection against the live intranet hosts;
3) use the common remote attack vulnerabilities (overflows) of the past 5 years to execute commands remotely, bringing the host online directly;
4) if remote exploitation fails, attempt weak-password exploitation, trying empty passwords through IPC$ shares, Active Directory and shared printers;
5) if the empty-password attempts fail, consult the administrator; with weak-password scanning, the common intranet services can be scanned further, the services including FTP, TELNET and SSH.
7. The method of remote penetration forensics for industrial control systems according to claim 2, characterized in that the controlled terminal can come online in two ways: direct connection and connection through a proxy; when the control terminal issues a task to a controlled node, the control terminal first uploads the command to the server, and the server stores it in the task queue of the specified node; when the controlled terminal polls the server at its regular interval, it reads the task queue, executes the command and then closes the socket.
Priority Applications (1)

Application number: CN201910482385.2A (CN110399718B, en) | Priority date: 2019-06-04 | Filing date: 2019-06-04 | Title: Remote penetration evidence obtaining method for industrial control system

Applications Claiming Priority (1)

Application number: CN201910482385.2A (CN110399718B, en) | Priority date: 2019-06-04 | Filing date: 2019-06-04 | Title: Remote penetration evidence obtaining method for industrial control system

Publications (2)

Publication number: CN110399718A (en) | Publication date: 2019-11-01
Publication number: CN110399718B (en) | Publication date: 2023-01-20

Family

ID=68324052

Family Applications (1)

Application number: CN201910482385.2A (Active; CN110399718B, en) | Priority date: 2019-06-04 | Filing date: 2019-06-04 | Title: Remote penetration evidence obtaining method for industrial control system

Country Status (1)

CN (1): CN110399718B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20100138925A1 (en) * | 2007-05-24 | 2010-06-03 | Bikash Barai | Method and system simulating a hacking attack on a network
CN104009881A (en) * | 2013-02-27 | 2014-08-27 | 广东电网公司信息中心 | Method and device for system penetration testing
CN104468267A (en) * | 2014-11-24 | 2015-03-25 | 国家电网公司 | Information safety penetration testing method for distribution automation system
CN105243325A (en) * | 2015-09-29 | 2016-01-13 | 北京奇虎科技有限公司 | Method for residual process file in mobile terminal, mobile terminal and server
CN108182359A (en) * | 2017-12-29 | 2018-06-19 | 中国信息通信研究院 | Method, apparatus and storage medium for testing API security in a trusted environment
US20180270268A1 (en) * | 2017-01-30 | 2018-09-20 | XM Ltd. | Verifying success of compromising a network node during penetration testing of a networked system

Also Published As

Publication number Publication date
CN110399718B (en) 2023-01-20


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant