CN111796585A - Industrial control equipment vulnerability excavation detection system - Google Patents


Publication number
CN111796585A
Authority
CN
China
Prior art keywords
module
fault
industrial control
vulnerability
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010948339.XA
Other languages
Chinese (zh)
Other versions
CN111796585B (en
Inventor
孟瑜炜
俞荣栋
解剑波
孟强
范海东
虞云军
孙科达
雷徐冰
林楠
刘轩驿
吴林峰
李长春
郁东明
郁东祥
方洪波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Anke Network Technology Co ltd
Zhejiang Energy Group Co ltd
Zhejiang Energy Group Research Institute Co Ltd
Original Assignee
Zhejiang Anke Network Technology Co ltd
Zhejiang Energy Group Co ltd
Zhejiang Energy Group Research Institute Co Ltd
Application filed by Zhejiang Anke Network Technology Co ltd, Zhejiang Energy Group Co ltd, Zhejiang Energy Group Research Institute Co Ltd
Priority to CN202010948339.XA
Publication of CN111796585A
Application granted
Publication of CN111796585B
Current legal status: Active

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213 Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
    • G05B23/0218 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
    • G05B23/0243 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults model based detection method, e.g. first-principles knowledge model
    • G05B23/0245 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults model based detection method, e.g. first-principles knowledge model based on a qualitative model, e.g. rule based; if-then decisions
    • G05B23/0259 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0264 Control of logging system, e.g. decision on which data to store; time-stamping measurements
    • G05B23/0275 Fault isolation and identification, e.g. classify fault; estimate cause or root of failure
    • G05B23/0278 Qualitative, e.g. if-then rules; Fuzzy logic; Lookup tables; Symptomatic search; FMEA
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24069 Diagnostic

Landscapes

  • Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention relates to a vulnerability mining detection system for industrial control equipment, which comprises: step 1, while the industrial control system is working, a system fault vulnerability scanning module performs fault scanning detection on the fault-prone equipment, equipment ports and port-connected data lines in the industrial control system; and step 2, a system positioning module locates the industrial control system equipment, ports and data lines and provides system model construction data to an industrial control system model module. The beneficial effects of the invention are: a fault event automatic recording module records the fault events that actually occur in the industrial control system, yielding real fault data from the actual system; the vulnerability analysis mining module can then compare this data against the virtual fault conditions to obtain relatively reliable vulnerability causes; the fault vulnerability causes obtained are recorded in the fault vulnerability sorting database, which lets the fault vulnerability analysis reporting module output a fault vulnerability report.

Description

Industrial control equipment vulnerability excavation detection system
Technical Field
The invention relates to the field of industrial control, in particular to a vulnerability mining detection system for industrial control equipment.
Background
Maintenance and protection measures are generally implemented by controlling the electrical control system of the engineering equipment. The electrical control system comprises a main circuit and a control circuit. The main circuit connects the power supply to the motor (or other actuating electrical appliance) and supplies the motor of the engineering equipment with the electric energy that keeps the equipment running. The control circuit switches the main circuit between its closed and open states through changes in its own state, and thereby controls the running state of the motor. From the viewpoint of the industrial control system, with the development of computer and network technologies, and especially the deep integration of informatization and industrialization, industrial control systems increasingly adopt general-purpose protocols, hardware and software, and connections to business systems over public networks such as the Internet are more and more common. As a result, attacks against industrial control systems have greatly increased, the vulnerability of industrial control systems is gradually being exposed, and information security problems are increasingly prominent.
The prior art has the following defects: when the causes of fault vulnerabilities in an industrial control equipment system are analyzed, the analysis and mining mostly cover only the faults that have actually occurred in the system. However, the causes of faults in an industrial control equipment system are varied, and the faults that occur while the system is working are not sufficient to meet the needs of vulnerability analysis, which limits the effectiveness of vulnerability mining on the industrial control equipment system.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a vulnerability mining detection system for industrial control equipment.
The industrial control equipment vulnerability mining detection system comprises a server for receiving and processing data, a system positioning module, a system fault vulnerability scanning module, an industrial control system model module, an industrial control equipment model simulation operation module, a vulnerability analysis mining module, an industrial control fault simulation setting module, a fault event automatic recording module, a fault vulnerability sorting database module, a fault vulnerability analysis reporting module, an equipment positioning module, an equipment port positioning module, an equipment line path module, an equipment scanning module, an equipment port scanning module, an equipment line scanning module, an equipment fault simulation setting module, a port fault simulation setting module, a line fault simulation setting module, a fault display module, a fault alarm module and a simulation setting recording module;
the input end of the server is connected with a system positioning module for locating the industrial control equipment system and a system fault vulnerability scanning module for fault scanning and monitoring of the industrial control equipment system; the output end of the server is connected with an industrial control system model module for generating an industrial control system model from the positioning information of the industrial control equipment; the output end of the industrial control system model module is connected with an industrial control equipment model simulation operation module for running the generated industrial control equipment model in simulation; the output end of the industrial control equipment model simulation operation module is connected with a vulnerability analysis mining module for analyzing the causes of faults occurring in the industrial control equipment; the output end of the industrial control equipment model simulation operation module is also connected with a fault display module for displaying the fault state of the industrial control system model, so that technicians can see the fault location at a glance, roughly assess the fault cause from experience, and clear the system fault with the help of the report obtained subsequently; the input end of the industrial control equipment model simulation operation module is connected with an industrial control fault simulation setting module for manually setting simulated faults;
the input end of the system positioning module is connected with an equipment positioning module for positioning the industrial control equipment, an equipment port positioning module for positioning a connection port on the industrial control equipment and an equipment line path module for path positioning of a data line on the industrial control equipment port;
the output end of the system fault vulnerability scanning module is connected with a fault event automatic recording module for recording faults that occur while the industrial control equipment is operating, and is also connected with a fault alarm module for raising an alarm when a fault occurs, so that an alarm is given when the system fails and the industrial control system can be maintained in a timely manner; the input end of the system fault vulnerability scanning module is connected with an equipment scanning module for fault scanning and monitoring of the industrial control equipment, an equipment port scanning module for fault scanning of the connection ports of the industrial control equipment, and an equipment line scanning module for fault scanning of the data lines connected to the ports of the industrial control equipment; the input end of the vulnerability analysis mining module is connected with a fault vulnerability sorting database module for sorting and storing the vulnerabilities found by simulated fault analysis of the industrial control system, and the output end of the vulnerability analysis mining module is connected with a fault vulnerability analysis reporting module for generating reports on the fault vulnerabilities that may appear in the industrial control equipment system;
the input end of the industrial control fault simulation setting module is connected with an equipment fault simulation setting module for simulating and setting faults of industrial control equipment, a port fault simulation setting module for simulating and setting faults of an equipment port and a line fault simulation setting module for simulating and setting line faults; the output end of the industrial control fault simulation setting module is connected with a simulation setting recording module for recording set simulation fault scheme information, so that the simulation fault setting is conveniently recorded, repeated simulation setting is avoided, and the vulnerability mining efficiency is improved;
the input end of the fault vulnerability analysis reporting module is connected with the output end of the fault event automatic recording module, and the report output by the fault vulnerability analysis reporting module is generated in association with the fault event information recorded in the fault event automatic recording module.
The working method of the industrial control equipment vulnerability mining detection system comprises the following steps:
step 1, when an industrial control system works, a system fault vulnerability scanning module carries out fault scanning detection on equipment, equipment ports and port connection data lines which are easy to have faults in the industrial control system, so that the working state of the industrial control system is known, and the specific position of the system with the faults is convenient to know;
step 2, a system positioning module positions industrial control system equipment, ports and data lines and provides system model construction data for an industrial control system model module; the industrial control system model module builds a system model;
step 3, the industrial control equipment model simulation operation module runs the system model in the same state as the corresponding real system; the industrial control fault simulation setting module performs fault simulation, so that faults can be set at different positions and the fault states of the industrial control equipment system in different states can be simulated; the simulation setting recording module records the simulated fault settings, which avoids repeating a simulation setting and improves vulnerability mining efficiency; the vulnerability analysis mining module analyzes the causes of the fault vulnerabilities and mines the vulnerabilities, which facilitates scanning and monitoring of the system and vulnerability analysis and mining for different fault states of the industrial control system, and helps technicians both improve the industrial control system and clear its faults;
step 4, when the industrial control system has a fault, the fault alarm module gives an alarm, so that the industrial control system can be maintained in a timely manner, and the fault event automatic recording module records the fault events of the industrial control system in use to obtain real fault data of the industrial control system; the vulnerability analysis mining module compares this data with the virtual fault conditions to obtain relatively reliable vulnerability causes, providing a technical basis for the resulting report;
step 5, the fault event automatic recording module records the fault event which actually occurs in the industrial control system to obtain real fault data information of the actual industrial control system, and the fault data information is used for carrying out comparison analysis on the virtual fault condition for a subsequent vulnerability analysis mining module, so that a technical basis is conveniently provided for the obtained report;
step 6, the fault vulnerability sorting database module records the fault causes obtained, and the fault vulnerability analysis reporting module outputs a fault vulnerability report; the report output by the fault vulnerability analysis reporting module is generated in association with the fault event information recorded in the fault event automatic recording module.
Preferably, when the vulnerability analysis mining module performs fault vulnerability cause analysis in step 3:
a vulnerability association relation model is adopted, whose calculation formula is:
$\mathrm{Depend}(X_i) = \dfrac{N+1}{N+2}$
in the above formula, $X_i$ is a vulnerability, and $N$ is the number of vulnerabilities that have a direct connection with vulnerability $X_i$ in the vulnerability association relation diagram;
the importance $R(X_i)$ of vulnerability $X_i$ in the vulnerability association relation diagram is calculated based on the PageRank algorithm, and the calculation formula of the vulnerability relevance model $\mathrm{Corr}(X_i)$ is:
$\mathrm{Corr}(X_i) = R(X_i) \cdot \mathrm{Depend}(X_i)$
in the above formula, $X_i$ is a vulnerability, $\mathrm{Corr}(X_i)$ is the vulnerability relevance model, $R(X_i)$ is the importance of the vulnerability in the vulnerability association relation diagram, and $\mathrm{Depend}(X_i)$ is the vulnerability association relation model.
Preferably, when the vulnerability analysis mining module performs fault vulnerability cause analysis in step 3 and many vulnerability sequences are predicted, the vulnerability mining priorities are ranked in descending order of the weight values of the vulnerabilities' vertices in the vulnerability association relation diagram, so as to guide the next step of vulnerability mining work.
The invention has the beneficial effects that:
(1) By providing the system fault vulnerability scanning module, the invention performs fault scanning detection on the fault-prone equipment, equipment ports and port-connected data lines in the industrial control system, so that the working state of the industrial control system is known. The system positioning module locates the industrial control system equipment, ports and data lines, the industrial control system model module then builds the system model, and the industrial control equipment model simulation operation module runs the system model in the same state as the corresponding real system. Subsequently, when the industrial control system fails, or when the industrial control fault simulation setting module is used to simulate a fault, the vulnerability analysis mining module analyzes the cause of the fault vulnerability and thereby realizes vulnerability mining. This facilitates scanning and monitoring of the system and vulnerability analysis and mining for different fault states of the industrial control system, and helps technicians both improve the industrial control system and clear its faults.
(2) According to the invention, the fault event automatic recording module is arranged to record the fault event which actually occurs in the industrial control system, so that real fault data information of the actual industrial control system is obtained, the comparison and analysis of the virtual fault condition for the subsequent vulnerability analysis and mining module are facilitated, the relatively reliable vulnerability cause is obtained, the obtained fault vulnerability cause is recorded by using the fault vulnerability sorting database, and the subsequent fault vulnerability analysis and reporting module is facilitated to output a fault vulnerability report.
Drawings
FIG. 1 is a schematic diagram of a system architecture;
FIG. 2 is a schematic diagram of a system architecture of a system location module;
FIG. 3 is a schematic diagram of a system structure of a system fault vulnerability scanning module;
FIG. 4 is a schematic diagram of a system structure of the industrial control fault simulation setting module.
Description of reference numerals: the system comprises a server 1, a system positioning module 2, a system fault vulnerability scanning module 3, an industrial control system model module 4, an industrial control equipment model simulation operation module 5, a vulnerability analysis mining module 6, an industrial control fault simulation setting module 7, a fault event automatic recording module 8, a fault vulnerability sorting database module 9, a fault vulnerability analysis reporting module 10, an equipment positioning module 11, an equipment port positioning module 12, an equipment line path module 13, an equipment scanning module 14, an equipment port scanning module 15, an equipment line scanning module 16, an equipment fault simulation setting module 17, a port fault simulation setting module 18, a line fault simulation setting module 19, a fault display module 20, a fault alarm module 21 and a simulation setting recording module 22.
Detailed Description
The present invention will be further described with reference to the following examples. The following examples are set forth merely to aid in the understanding of the invention. It should be noted that a person skilled in the art can make several improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present invention.
Example 1:
An industrial control equipment vulnerability mining detection system, as shown in fig. 1, comprises a server 1 for receiving and processing data. The input end of the server 1 is connected with a system positioning module 2 for locating the industrial control equipment system and a system fault vulnerability scanning module 3 for fault scanning and monitoring of the industrial control equipment system. The output end of the server 1 is connected with an industrial control system model module 4 for generating an industrial control system model from the positioning information of the industrial control equipment. The output end of the industrial control system model module 4 is connected with an industrial control equipment model simulation operation module 5 for running the generated industrial control equipment model in simulation. The output end of the industrial control equipment model simulation operation module 5 is connected with a vulnerability analysis mining module 6 for analyzing the causes of faults occurring in the industrial control equipment, and the input end of the industrial control equipment model simulation operation module 5 is connected with an industrial control fault simulation setting module 7 for manually setting simulated faults. The system fault vulnerability scanning module 3 performs fault scanning detection on the fault-prone equipment, equipment ports and port-connected data lines in the industrial control system, so that the working state of the industrial control system is known; the system positioning module 2 locates the industrial control system equipment, ports and data lines; the industrial control system model module 4 then builds the system model; and the industrial control equipment model simulation operation module 5 runs the system model in the same state as the corresponding real system. Subsequently, when the industrial control system fails, or when the industrial control fault simulation setting module 7 is used to simulate a fault, the vulnerability analysis mining module 6 analyzes the cause of the fault vulnerability, realizing vulnerability mining;
the output end of the system fault vulnerability scanning module 3 is connected with a fault event automatic recording module 8 for recording faults that occur while the industrial control equipment is operating; the input end of the vulnerability analysis mining module 6 is connected with a fault vulnerability sorting database 9 for sorting and storing the vulnerabilities found by simulated fault analysis of the industrial control system; and the output end of the vulnerability analysis mining module 6 is connected with a fault vulnerability analysis reporting module 10 for generating reports on the fault vulnerabilities that may occur in the industrial control equipment system. When the industrial control system fails, the fault event automatic recording module 8 records the fault events that actually occur in the industrial control system to obtain real fault data of the industrial control system, which the vulnerability analysis mining module 6 subsequently compares with the virtual fault conditions to obtain relatively reliable vulnerability causes; the fault vulnerability sorting database 9 records the fault vulnerability causes obtained, which lets the fault vulnerability analysis reporting module 10 subsequently output a fault vulnerability report.
Further, as shown in fig. 2, the input end of the system positioning module 2 is connected with an equipment positioning module 11 for locating the industrial control equipment, an equipment port positioning module 12 for locating the connection ports on the industrial control equipment, and an equipment line path module 13 for locating the paths of the data lines on the ports of the industrial control equipment, so that the system positioning module 2 can locate the industrial control system equipment, ports and data lines and provide system model construction data to the industrial control system model module 4.
Further, as shown in fig. 3, the input end of the system fault vulnerability scanning module 3 is connected with an equipment scanning module 14 for fault scanning and monitoring of the industrial control equipment, an equipment port scanning module 15 for fault scanning of the connection ports of the industrial control equipment, and an equipment line scanning module 16 for fault scanning of the data lines connected to the ports of the industrial control equipment. The system fault vulnerability scanning module 3 performs fault scanning detection on the fault-prone equipment itself, equipment ports and port-connected data lines in the industrial control system, so that the working state of the industrial control system is known and the specific location of a system fault is easy to identify.
Further, as shown in fig. 4, an input end of the industrial control fault simulation setting module 7 is connected with an equipment fault simulation setting module 17 for simulating and setting a fault of the industrial control equipment, a port fault simulation setting module 18 for simulating and setting a fault of an equipment port, and a line fault simulation setting module 19 for simulating and setting a line fault, and the industrial control fault simulation setting module 7 performs fault simulation to conveniently set faults at different positions and simulate fault states of the industrial control equipment system in different states.
Furthermore, the input end of the fault vulnerability analysis reporting module 10 is connected with the output end of the fault event automatic recording module 8, and the report output by the fault vulnerability analysis reporting module 10 is generated in association with the fault event information recorded in the fault event automatic recording module 8. The fault event automatic recording module 8 records the fault events that actually occur in the industrial control system to obtain real fault data of the industrial control system, which the vulnerability analysis mining module 6 subsequently compares with the virtual fault conditions, providing a technical basis for the resulting report.
Furthermore, the output end of the industrial control equipment model simulation operation module 5 is connected with a fault display module 20 for displaying the fault state of the industrial control system model, so that technicians can see the fault location at a glance, roughly assess the fault cause from experience, and clear the system fault with the help of the report obtained subsequently.
Furthermore, the output end of the system fault vulnerability scanning module 3 is connected with a fault alarm module 21 for raising an alarm when a fault occurs, so that an alarm is given when the system fails and the industrial control system can be maintained in a timely manner.
Furthermore, the output end of the industrial control fault simulation setting module 7 is connected with a simulation setting recording module 22 for recording set simulation fault scheme information, so that the simulation fault setting is conveniently recorded, repeated simulation setting is avoided, and the vulnerability mining efficiency is improved.
Further, the calculation formula of the vulnerability association relation model is: $\mathrm{Depend}(X_i) = \dfrac{N+1}{N+2}$, where $X_i$ is a vulnerability and $N$ is the number of vulnerabilities that have a direct connection with vulnerability $X_i$ in the vulnerability association relation diagram. The importance $R(X_i)$ of vulnerability $X_i$ in the association diagram is calculated based on the PageRank algorithm, and the calculation formula of the vulnerability relevance model $\mathrm{Corr}(X_i)$ is: $\mathrm{Corr}(X_i) = R(X_i) \cdot \mathrm{Depend}(X_i)$. If the detected vulnerability set is $X' = \{X_1, X_2, X_3, X_5, X_6\}$, comparison with the formula determines the possible vulnerabilities to be $X_4$ and $X_7$, which require further focused mining; and when many possible vulnerability sequences are predicted, the vulnerability mining priorities are ranked in descending order of the weight values of the vulnerabilities' vertices in the vulnerability distribution graph model, thereby guiding the next step of vulnerability mining work.
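The relevance ranking described above and in the Disclosure section, worked through as an added Python example that is not part of the patent. The graph edges, the damping factor 0.85, the undirected treatment of associations, the use of Corr as the vertex weight, and the rule that candidates are the vertices outside the detected set X' are all assumptions, since the patent specifies none of them.

```python
"""Added example: Corr(X_i) = R(X_i) * Depend(X_i) over a constructed graph."""

DAMPING = 0.85  # assumption: the patent gives no damping factor for PageRank

# Constructed vulnerability association graph (undirected); edges are illustrative.
EDGES = [
    ("X1", "X2"), ("X1", "X4"), ("X2", "X4"), ("X3", "X4"),
    ("X4", "X5"), ("X5", "X6"), ("X6", "X7"),
]
DETECTED = {"X1", "X2", "X3", "X5", "X6"}  # the detected set X' from the text


def build_adjacency(edges, nodes=()):
    """Return {vertex: set(neighbours)}; `nodes` adds vertices with no edges."""
    adj = {v: set() for v in nodes}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def depend(adj, v):
    """Depend(X_i) = (N + 1) / (N + 2), N = number of directly linked vertices."""
    n = len(adj[v])
    return (n + 1) / (n + 2)


def pagerank(adj, damping=DAMPING, tol=1e-12, max_iter=1000):
    """Power-iteration PageRank; each undirected edge counts in both directions."""
    nodes = sorted(adj)
    count = len(nodes)
    rank = {v: 1.0 / count for v in nodes}
    for _ in range(max_iter):
        # Rank held by isolated vertices is spread uniformly so the sum stays 1.
        dangling = sum(rank[v] for v in nodes if not adj[v])
        new = {}
        for v in nodes:
            incoming = sum(rank[u] / len(adj[u]) for u in adj[v])
            new[v] = (1 - damping) / count + damping * (incoming + dangling / count)
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def corr_scores(adj):
    """Corr(X_i) = R(X_i) * Depend(X_i) for every vertex in the graph."""
    rank = pagerank(adj)
    return {v: rank[v] * depend(adj, v) for v in adj}


def mining_priority(adj, detected):
    """Undetected vertices in descending Corr order (Corr as weight: assumption)."""
    scores = corr_scores(adj)
    candidates = [v for v in sorted(adj) if v not in detected]
    return sorted(candidates, key=lambda v: scores[v], reverse=True)


if __name__ == "__main__":
    graph = build_adjacency(EDGES)
    scores = corr_scores(graph)
    for name in mining_priority(graph, DETECTED):
        print(f"{name}: Depend={depend(graph, name):.3f} Corr={scores[name]:.4f}")
```
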
Example 2:
The implementation scenario is specifically as follows: when the industrial control system works, the system fault vulnerability scanning module 3 scans the fault-prone equipment, equipment ports and port connection data lines in the industrial control system for faults, so that the working state of the industrial control system is known. The system positioning module 2 positions the industrial control system equipment, ports and data lines; the industrial control system model module 4 builds the system model; and the industrial control equipment model simulation operation module 5 runs the system model in the same state as the real system. Subsequently, when the industrial control system fails, or when the industrial control fault simulation setting module 7 is used, fault cause analysis is carried out and vulnerability mining is realized. This makes it convenient to scan and monitor the system and to analyze and mine vulnerabilities for different fault states of the industrial control system, which helps technicians improve the industrial control system and troubleshoot it. When the industrial control system fails, the fault event automatic recording module 8 records the fault event that actually occurred to obtain real fault data information of the industrial control system. The vulnerability analysis mining module 6 then performs a comparative analysis with the virtual fault condition to obtain a relatively reliable vulnerability cause, the fault vulnerability sorting database 9 records the obtained fault vulnerability cause, and the fault vulnerability analysis reporting module 10 outputs a fault vulnerability report. The fault alarm module 21 raises an alarm when the system fails, so that the industrial control system can be maintained in a timely manner. The simulation setting recording module 22 records the simulated fault settings, which avoids repeated simulation settings and improves vulnerability mining efficiency.
The working principle is as follows:
Referring to Figs. 1 to 4, when the industrial control system works, the system fault vulnerability scanning module 3 scans the fault-prone equipment, equipment ports and port connection data lines in the industrial control system for faults, so that the working state of the industrial control system is known. The system positioning module 2 positions the equipment, ports and data lines of the industrial control system, the industrial control system model module 4 then builds the system model, and the industrial control equipment model simulation operation module 5 runs the system model in the same state as the real system. Subsequently, when the industrial control system has a fault, or when the industrial control fault simulation setting module 7 is used for fault simulation, the vulnerability analysis mining module 6 analyzes the causes of fault vulnerabilities, so that vulnerability mining is realized. This makes it convenient to scan and monitor the system and to analyze and mine vulnerabilities for the fault states of different industrial control systems, which helps technicians improve the industrial control system and troubleshoot it.
Referring to Fig. 1, when the industrial control system fails, the fault event automatic recording module 8 records the fault event that actually occurred in the industrial control system to obtain real fault data information of the industrial control system. The vulnerability analysis mining module 6 then performs a comparative analysis with the virtual fault condition to obtain a relatively reliable vulnerability cause, the fault vulnerability sorting database 9 records the obtained fault vulnerability cause, and the fault vulnerability analysis reporting module 10 outputs a fault vulnerability report.

Claims (4)

1. The industrial control equipment vulnerability mining detection system is characterized by comprising a server (1), a system positioning module (2), a system fault vulnerability scanning module (3), an industrial control system model module (4), an industrial control equipment model simulation operation module (5), a vulnerability analysis mining module (6), an industrial control fault simulation setting module (7), a fault event automatic recording module (8), a fault vulnerability sorting database module (9), a fault vulnerability analysis reporting module (10), an equipment positioning module (11), an equipment port positioning module (12), an equipment line path module (13), an equipment scanning module (14), an equipment port scanning module (15), an equipment line scanning module (16), an equipment fault simulation setting module (17), a port fault simulation setting module (18), a line fault simulation setting module (19), a fault display module (20), a fault alarm module (21) and a simulation setting recording module (22);
the input end of the server (1) is connected with the system positioning module (2) and the system fault vulnerability scanning module (3), the output end of the server (1) is connected with the industrial control system model module (4), the output end of the industrial control system model module (4) is connected with the industrial control equipment model simulation operation module (5), the output end of the industrial control equipment model simulation operation module (5) is connected with the vulnerability analysis mining module (6), and the output end of the industrial control equipment model simulation operation module (5) is also connected with the fault display module (20); the input end of the industrial control equipment model simulation operation module (5) is connected with the industrial control fault simulation setting module (7);
the input end of the system positioning module (2) is connected with the equipment positioning module (11), the equipment port positioning module (12) and the equipment line path module (13);
the output end of the system fault vulnerability scanning module (3) is connected with the fault event automatic recording module (8), and the output end of the system fault vulnerability scanning module (3) is also connected with the fault alarm module (21); the input end of the system fault vulnerability scanning module (3) is connected with the equipment scanning module (14), the equipment port scanning module (15) and the equipment line scanning module (16); the input end of the vulnerability analysis mining module (6) is connected with the fault vulnerability sorting database module (9), and the output end of the vulnerability analysis mining module (6) is connected with the fault vulnerability analysis reporting module (10);
the input end of the industrial control fault simulation setting module (7) is connected with the equipment fault simulation setting module (17), the port fault simulation setting module (18) and the line fault simulation setting module (19); the output end of the industrial control fault simulation setting module (7) is connected with the simulation setting recording module (22);
the input end of the fault vulnerability analysis reporting module (10) is connected with the output end of the fault event automatic recording module (8), and the report output by the fault vulnerability analysis reporting module (10) is generated in association with the fault event information recorded in the fault event automatic recording module (8).
2. The working method of the industrial control equipment vulnerability discovery detection system according to claim 1, characterized by comprising the following steps:
step 1, when the industrial control system works, the system fault vulnerability scanning module (3) scans and detects faults of the equipment, equipment ports and port connection data lines in the industrial control system;
step 2, the system positioning module (2) positions the industrial control system equipment, ports and data lines and provides system model construction data for the industrial control system model module (4); the industrial control system model module (4) builds a system model;
step 3, the industrial control equipment model simulation operation module (5) runs the system model in the same state as the real system; the industrial control fault simulation setting module (7) performs fault simulation to simulate the fault states of the industrial control equipment system in different states; the simulation setting recording module (22) records the simulated fault settings; the vulnerability analysis mining module (6) analyzes the cause of the fault vulnerability and mines the vulnerability;
step 4, when the industrial control system has a fault, the fault alarm module (21) raises an alarm, and the fault event automatic recording module (8) records the fault event of the industrial control system in use to obtain real fault data information of the industrial control system; the vulnerability analysis mining module (6) performs a comparative analysis with the virtual fault condition to obtain the vulnerability cause;
step 5, the fault event automatic recording module (8) records the fault event that actually occurred in the industrial control system to obtain real fault data information of the industrial control system;
step 6, the fault vulnerability sorting database module (9) records the obtained fault cause, and the fault vulnerability analysis reporting module (10) outputs a fault vulnerability report; the report output by the fault vulnerability analysis reporting module (10) is generated in association with the fault event information recorded in the fault event automatic recording module (8).
3. The working method of the industrial control equipment vulnerability discovery detection system according to claim 2, characterized in that, when the vulnerability analysis mining module (6) analyzes the cause of the fault vulnerability in step 3:
a vulnerability association relation model is adopted, the calculation formula of which is:
$\mathrm{Depend}(X_i) = (N+1)/(N+2)$
in the above formula, $X_i$ is a vulnerability, and $N$ is the number of vulnerabilities directly linked to $X_i$ in the vulnerability association relation diagram;
the importance $R(X_i)$ of vulnerability $X_i$ in the vulnerability association relation diagram is calculated based on the PageRank algorithm, and the calculation formula of the vulnerability relevance model $\mathrm{Corr}(X_i)$ is:
$\mathrm{Corr}(X_i) = R(X_i) \cdot \mathrm{Depend}(X_i)$
in the above formula, $X_i$ is a vulnerability, $\mathrm{Corr}(X_i)$ is the vulnerability relevance model, $R(X_i)$ is the importance of the vulnerability in the vulnerability association relation diagram, and $\mathrm{Depend}(X_i)$ is the vulnerability association relation model.
4. The working method of the industrial control equipment vulnerability discovery detection system according to claim 2, characterized in that, in step 3, when the vulnerability analysis mining module (6) analyzes the cause of the fault vulnerability and many possible vulnerability sequences are predicted, the vulnerability mining priorities are ordered by descending weight of the vulnerability vertices in the vulnerability association relation diagram.
CN202010948339.XA 2020-09-10 2020-09-10 Industrial control equipment vulnerability excavation detection system Active CN111796585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010948339.XA CN111796585B (en) 2020-09-10 2020-09-10 Industrial control equipment vulnerability excavation detection system

Publications (2)

Publication Number Publication Date
CN111796585A (en) 2020-10-20
CN111796585B (en) 2020-12-01

Family

ID=72834240

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant