CN113221108B - Comprehensive evaluation method for industrial control system vulnerability scanning tool - Google Patents
Comprehensive evaluation method for industrial control system vulnerability scanning tool Download PDFInfo
- Publication number
- CN113221108B CN113221108B CN202110592209.1A CN202110592209A CN113221108B CN 113221108 B CN113221108 B CN 113221108B CN 202110592209 A CN202110592209 A CN 202110592209A CN 113221108 B CN113221108 B CN 113221108B
- Authority
- CN
- China
- Prior art keywords
- scanning
- vulnerability
- industrial control
- control system
- tool
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
A comprehensive evaluation method for industrial control system vulnerability scanning tools comprises the following steps: the method comprises the steps of firstly evaluating basic attributes of a scanned object, a knowledge base, a leak base and the like supported by a leak scanning tool to obtain basic attribute scores, then selecting a working control system, starting leak scanning after determining a scanning range and a strategy, verifying a scanning result by using a leak POC to obtain a related leak set, then calculating effective rate, false alarm rate and missing report rate scores, calculating data stability by a score standard variance, then calculating leak reliability scores, recording performance parameters and consumption time of a CPU, a memory and the like of the scanned object in the scanning process, calculating influence analysis and scanning efficiency scores, and finally calculating comprehensive scores according to weights of four indexes. The method is based on basic attributes and actual effects, and realizes scientific evaluation of the vulnerability scanning tool under the multiple constraint conditions of knowledge base completeness, industrial control system individual difference, controllable scanning process influence and the like.
Description
Technical Field
The invention relates to the technical field of industrial control safety detection, in particular to a comprehensive evaluation method for a vulnerability scanning tool of an industrial control system.
Background
The method is a common automatic inspection mode for accurately searching the security vulnerabilities existing in the industrial control system and scanning the vulnerabilities of the industrial control system, so that vulnerabilities can be found and repaired in time, and the network security risk can be effectively reduced. The vulnerability scanning tool is a necessary tool for an operation unit to perform brittleness inspection, safety evaluation and safety operation and maintenance on the industrial control system, and vulnerability reliability mainly depends on a complete knowledge base and a scanning strategy. Most of the prior missing scanning technologies are internet-oriented, lack of optimization and adjustment aiming at an industrial control system, poor scanning effect and low efficiency, and meanwhile, due to the vulnerability of the industrial control system, the industrial control system cannot be subjected to conventional scanning, and a plurality of scanning tools influence the operation of the industrial control system.
In the face of a plurality of scanning tools, an operation unit is guided to select a proper product, and a scientific evaluation method needs to be provided. The good scanning tool needs to find more real security holes on the premise of ensuring the normal operation of the industrial control system, reduce the false alarm rate and the missing report rate and improve the scanning efficiency at the same time. The completeness of a knowledge base of the vulnerability scanning tool, the individual difference of an industrial control system and the influence degree on a scanned object are all factors to be considered for evaluation, and the instability of a scanning effect is caused by various factors and the accuracy of an evaluation result is also influenced.
Disclosure of Invention
In order to overcome the problems in the prior art, the invention provides a comprehensive evaluation method for a vulnerability scanning tool of an industrial control system. The method aims to realize scientific evaluation of the vulnerability scanning tool based on basic attributes and actual using effects of the vulnerability scanning tool of the industrial control system. The method can be used for guiding an operation unit to select a proper product and helping a manufacturer to improve and upgrade tools.
In order to achieve the purpose, the invention adopts the following technical scheme:
a comprehensive evaluation method for industrial control system vulnerability scanning tools comprises the following steps:
step (1): evaluating according to the completeness of three basic attributes of a scanning object, a knowledge base, a leakage base and a scanning report supported by a vulnerability scanning tool, and calculating a basic attribute score, wherein evaluation elements are as follows:
scoring according to three levels of high, medium and low, wherein the scoring corresponds to 3, 2 and 1, and the vulnerability scanning tool T i Basic attribute score p of i Is the sum of the three-level scores;
step (2): selecting n industrial control systems for m vulnerability scanning tools participating in evaluation, determining an asset scanning range, determining scanning strategies such as scanning frequency and packet sending rate, avoiding causing abnormity to the industrial control systems, closing programs influencing results such as a host guard and a firewall on a scanning object node, performing vulnerability scanning on assets within a set range in parallel, summarizing scanning vulnerabilities after scanning is finished, and then performing vulnerability scanning tool T i The vulnerability quantity set corresponding to the vulnerability scanning result of the n industrial control systems is represented as S i ={s i1 ,s i2 …s in },s i1 Representing vulnerability scanning tool T i The total number of the scanned bugs of the 1 st industrial control system;
and (3): according to vulnerability scanning tool T i The scanning result loophole set is verified by utilizing the loophole POC, the actual available effective loophole set of the loophole forming tool is the false alarm loophole set of the loophole forming tool which belongs to the tool scanning result loophole set but is not in the effective loophole set of the tool, m loophole scanning tools are used for carrying out set phase combination on the effective loophole sets of each industrial control system, the total effective loophole quantity set Z = { Z } corresponding to n industrial control systems is obtained, and the total effective loophole quantity set Z = { Z } corresponding to n industrial control systems is obtained 1 ,z 2 …z n Forming a leak scanning tool missing report leak set by leaks belonging to the total effective leak set of the industrial control system but not belonging to the effective leak set of a certain leak scanning tool, and then using a leak scanning tool T i The effective vulnerability set, the false-report vulnerability set and the missed-report vulnerability set obtain a corresponding effective vulnerability number set Y i ={y i1 ,y i2 …y in W set of vulnerability numbers i ={w i1 ,w i2 …w in Set X of vulnerability quantity of omission report i ={x i1 ,x i2 …x in };
According to the 4 loophole quantity sets, countingCalculation vulnerability scanning tool T i Scoring the effective rate of the loophole scanning result of the jth industrial control system ij False alarm rate scoring b ij Scoring the rate of missed reports c ij :
a ij =y ij /z j (1)
b ij =1-w ij /s ij (2)
c ij =1-x ij /s ij (3)
Vulnerability scanning tool T i Forming a set D by the effective rate scoring, the missing report rate scoring and the false report rate scoring of the bug scanning results of the n industrial control systems i ={d i1 ,d i2 …d iv Where v =3n, set D is calculated from the standard deviation of the samples i Data stability of o i Then from the data stability o i Computing vulnerability credibility score f i ;
And (4): in vulnerability scanning tool T i In the process of vulnerability scanning of the jth industrial control system, recording the utilization rate of the CPU of the object in the scanned time period as e ij The utilization rate of the memory is g ij The utilization rate of the hard disk is h ij The utilization ratio of the network is k ij Calculating influence analysis indexes by using the average utilization rate, and taking the average value of the plurality of assets by using the utilization rate data if the scanning object is a plurality of assets; calculate vulnerability scanning tool T first i Influence analysis scoring r in vulnerability scanning process of jth industrial control system ij And then, the scores of the n industrial control systems are subjected to arithmetic mean to obtain a vulnerability scanning tool T i Influence analysis of (2)Score r i ;
r ij =((1-e ij )+(1-g ij )+(1-h ij )+(1-k ij ))*10/4 (6)
And (5): vulnerability scanning tool T i The consumed time for scanning the jth industrial control system is t ij If the scanning object is a plurality of assets, the time consumption is taken as the accumulated value of the assets, and the vulnerability scanning tool T is used i Accumulating the scanning time of n industrial control systems to obtain total consumed time t i According to t i Calculating vulnerability scanning efficiency score u corresponding to vulnerability scanning tool i ;
u i =(1-t i /MAX(t 1 ,t 2 ...t n ))*10 (8)
And (6): scoring p by basic attributes i Vulnerability credibility score f i Influence analysis score r i And the score u of the scanning efficiency i Computing vulnerability scanning tool T according to weight coefficients i A summary score of (a);
v i =r i *0.1+p i *0.6+t i *0.2+u i *0.1 (9)
preferably, a performance threshold is set in the scanning strategy, so that the influence on the operation of the industrial control system is controllable, and the efficiency is calculated on the premise that the influence on the industrial control system is controllable.
Preferably, the scanning of the industrial control system and the calculation of the subsequent scores are carried out by selecting 1 to 2 representative assets in the industrial control system.
Preferably, the calculation of the score of the vulnerability false alarm rate and the score of the vulnerability missed report rate is carried out, and the score of the vulnerability false alarm rate and the score of the vulnerability missed report rate are higher the lower the score of the vulnerability false alarm rate and the score of the vulnerability missed report rate are.
The invention has the following beneficial technical effects: the basic attributes and the actual using effect of the scanning tool are integrated, the grading height difference of the vulnerability scanning tool caused by the individual difference of the industrial control system in multiple indexes of the effective rate, the missing report rate and the false report rate is considered, the data stability calculation is introduced, and the scientific evaluation of the vulnerability scanning tool is realized under multiple constraint conditions of knowledge base completeness, the individual difference of the industrial control system, the influence on a scanned object and the like.
Drawings
FIG. 1 is a schematic diagram of a comprehensive evaluation method of a vulnerability scanning tool of an industrial control system.
Detailed Description
The invention is described in further detail below with reference to the following figures and examples:
as shown in fig. 1, a comprehensive evaluation method for industrial control system vulnerability scanning tools includes the following steps:
step (1): evaluating according to the completeness of three basic attributes of a scanning object, a knowledge base, a leakage base and a scanning report supported by a vulnerability scanning tool, and calculating the score of the basic attributes, wherein the evaluation elements are as follows:
scoring according to three levels of high, medium and low, wherein the scoring corresponds to 3, 2 and 1, and the vulnerability scanning tool T i Basic attribute score p of i Is the sum of the three-level scores; in the evaluation process, technical data or manufacturer consultation can be consulted, and the score can be properly improved aiming at a specific industry;
step (2): selecting 4 industrial control systems including a Wilnout, lumeng and An Heng vulnerability scanning tool participating in evaluation, namely a Harrish fire-power DCS, an Emmer fire-power DCS, a Hua Rui fan SCADA system and a four-side hydropower monitoring system, determining that the asset scanning range is an engineer station, an operator station, a PLC and a DCS controller, determining scanning strategies such as scanning frequency and packet sending rate, avoiding causing abnormity to the industrial control system, closing programs influencing results such as a host computer guardian and a firewall on a scanning object node, carrying out vulnerability scanning on assets in the set range in parallel, summarizing and scanning vulnerabilities after scanning is finished, and then adopting a vulnerability scanning tool T to scan vulnerabilities i Vulnerability scanning of 4 industrial control systemsThe vulnerability number set corresponding to the drawing result is expressed as S i ={s i1 ,s i2 ,s i3 ,s i4 },s i1 Presentation tool T i The total number of the scanned bugs of the 1 st industrial control system;
and (3): to leak scanning tool T i The scanning result loophole set is verified by utilizing the loophole POC (point of sale) to form an effective loophole set by utilizing the available loopholes which really exist, loopholes which belong to the scanning result loophole set but are not in the effective loophole set form a false report loophole set, the effective loopholes obtained by scanning n industrial control systems by m loophole scanning tools are combined and combined to obtain a total effective loophole number set, the loopholes which belong to the total effective loophole set but do not belong to the effective loophole set of a certain loophole scanning tool form a false report loophole set corresponding to the loophole scanning tool, and the loophole scanning tool T forms a false report loophole set corresponding to the loophole scanning tool i Corresponding effective vulnerability quantity set Y i ={y i1 ,y i2 ,y i3 ,y i4 W set of false alarm loophole quantity i ={w i1 ,w i2 ,w i3 ,w i4 Set X of vulnerability numbers missed in reporting i ={x i1 ,x i2 ,x i3 ,x i4 And (3) collecting and combining effective vulnerabilities obtained by scanning 4 industrial control systems by using vulnerability scanning tools to obtain a total effective vulnerability quantity set Z = { Z = and 1 ,z 2 ,z 3 ,z 4 };
then tool T i Calculating the effective rate score a of the loophole scanning result of the jth industrial control system ij False alarm rate scoring b ij Scoring the rate of missed reports c ij :
a ij =y ij /z j (1)
b ij =1-w ij /s ij (2)
c ij =1-x ij /s ij (3)
N industrial control systemsThe effective rate score, the missing report rate score and the false report rate score of the unified vulnerability scanning result form a set D i ={d i1 ,d i2 …d i12 D, set D is calculated from the standard deviation of the samples i Data stability of (a) i Then from the data stability o i Calculating vulnerability confidence score f i ;
And (4): calculating influence analysis score and vulnerability scanning tool T i Recording the utilization rate of the CPU of the object in the scanned time period as e in the process of scanning the vulnerability of the jth industrial control system ij The utilization rate of the memory is g ij The utilization rate of the hard disk is h ij The utilization ratio of the network is k ij If the scanning object is a plurality of assets, the utilization rate data takes the average value of the assets, and a vulnerability scanning tool T is calculated firstly i Influence analysis scoring r in vulnerability scanning process of jth industrial control system ij And then, the scores of the 4 industrial control systems are subjected to arithmetic mean to obtain a vulnerability scanning tool T i Influence analysis score of (r) i ;
r ij =((1-e ij )*10+(1-g ij )*10+(1-h ij )*10+(1-k ij )*10)/4 (6)
And (5): vulnerability scanning tool T i The time consumed for scanning the jth industrial control system is t ij If the scanning object is a plurality of assets, the time consumption is taken from the accumulated value of the assets, and the vulnerability scanning tool T is used i Accumulating the scanning time of 4 industrial control systemsObtaining the total consumption time t i According to t i Computing vulnerability scanning tool T i Corresponding vulnerability scanning efficiency u i ;
u i =(1-t i /MAX(t 1 ,t 2 ,t 3 ,t 4 ))*10 (8)
And (6): scoring p by basic attributes i Vulnerability credibility score f i Influence analysis score r i And the score u of the scanning efficiency i Calculating a vulnerability scanning tool T according to each index weight coefficient i A summary score of (a);
v i =r i *0.1+p i *0.6+t i *0.2+u i *0.1 (9)
the examples of the present invention are set forth merely to help illustrate the invention and not to elaborate all details of the technical solutions, and those skilled in the art may make substitutions, modifications to and departures from the technical implementation procedures without departing from the spirit and scope of the embodiments of the present invention.
Claims (4)
1. A comprehensive evaluation method for industrial control system vulnerability scanning tools is characterized by comprising the following steps: the method comprises the following steps:
step (1): evaluating according to the completeness of three basic attributes of a scanning object, a knowledge base, a vulnerability base and a scanning report supported by a vulnerability scanning tool, and calculating basic attribute scores, wherein the evaluation elements of the supported scanning object comprise comprehensive support for industrial control system assets of an operating system, network equipment, a database, safety equipment, application software and industrial control equipment, the evaluation elements of the knowledge base and the vulnerability base comprise identification of the model, version and manufacturer information of the industrial control system and are periodically synchronized with a CVE (visual basic integrity) and CNVD (hidden bug distribution platform), and the scanning report comprises vulnerability scores, repair suggestions and preventive measure related information;
scoring according to three levels of high, medium and low, wherein the scoring corresponds to 3, 2 and 1, and the vulnerability scanning tool T i Basic attribute score p of i Is the sum of the scores of the three basic attributes;
step (2): ginseng radixSelecting n industrial control systems with m vulnerability scanning tools for evaluation, determining an asset scanning range, determining a scanning frequency and a package sending rate scanning strategy, avoiding causing abnormity to the industrial control systems, closing a program for scanning results influenced by a host guard and a firewall on a target node, performing vulnerability scanning on assets within a set range in parallel, summarizing and scanning vulnerabilities after scanning is finished, and then performing vulnerability scanning tool T i The vulnerability quantity set corresponding to vulnerability scanning results of n industrial control systems is represented as S i ={s i1 ,s i2 …s in },s i1 Representing vulnerability scanning tool T i The total number of the scanned bugs of the 1 st industrial control system;
and (3): according to vulnerability scanning tool T i The scanning result loophole set is verified by utilizing the loophole POC, the actual available effective loophole set of the loophole forming tool is the false alarm loophole set of the loophole forming tool which belongs to the tool scanning result loophole set but is not in the effective loophole set of the tool, m loophole scanning tools are used for carrying out set phase combination on the effective loophole sets of each industrial control system, the total effective loophole quantity set Z = { Z } corresponding to n industrial control systems is obtained, and the total effective loophole quantity set Z = { Z } corresponding to n industrial control systems is obtained 1 ,z 2 …z n Forming a leak scanning tool missing report leak set by leaks belonging to the total effective leak set of the industrial control system but not belonging to the effective leak set of a certain leak scanning tool, and then using a leak scanning tool T i The effective vulnerability set, the false-report vulnerability set and the missed-report vulnerability set obtain a corresponding effective vulnerability number set Y i ={y i1 ,y i2 …y in W set of vulnerability numbers i ={w i1 ,w i2 …w in Set X of leak numbers i ={x i1 ,x i2 …x in };
Calculating a vulnerability scanning tool T according to the 4 vulnerability quantity sets i Scoring the effective rate of the loophole scanning result of the jth industrial control system ij False alarm rate scoring b ij Scoring the rate of missed reports c ij :
a ij =y ij /z j (1)
b ij =1-w ij /s ij (2)
c ij =1-x ij /s ij (3)
Scanning tool T for bugs i Forming a set D by the effective rate scoring, the missing report rate scoring and the false report rate scoring of the bug scanning results of the n industrial control systems i ={d i1 ,d i2 …d iv Where v =3n, set D is calculated from the standard deviation of the samples i Data stability of (a) i Then from the data stability o i Computing vulnerability credibility score f i ;
And (4): in vulnerability scanning tool T i Recording the utilization rate of the CPU of the object in the scanned time period as e in the process of scanning the vulnerability of the jth industrial control system ij The utilization rate of the memory is g ij The utilization rate of the hard disk is h ij The utilization ratio of the network is k ij Calculating influence analysis indexes by using the average utilization rate, wherein if the scanning objects are a plurality of assets, the utilization rate data is the average value of the plurality of assets; calculate vulnerability scanning tool T first i Influence analysis scoring r in vulnerability scanning process of jth industrial control system ij And then, the scores of the n industrial control systems are subjected to arithmetic mean to obtain a vulnerability scanning tool T i Influence analysis score of (r) i ;
r ij =((1-e ij )+(1-g ij )+(1-h ij )+(1-k ij ))*10/4 (6)
And (5): vulnerability scanning tool T i The consumed time for scanning the jth industrial control system is t ij If the scanning object is a plurality of assets, the time consumption is taken from the accumulated value of the assets, and the vulnerability scanning tool T is used i Accumulating the scanning time of n industrial control systems to obtain total consumed time t i According to t i Calculating vulnerability scanning efficiency score u corresponding to vulnerability scanning tool i ;
u i =(1-t i /MAX(t 1 ,t 2 ...t n ))*10 (8)
And (6): scoring p by basic attributes i Vulnerability credibility score f i Influence analysis score r i And the score u of the scanning efficiency i Computing vulnerability scanning tool T according to weight coefficients i A summary score of (a);
v i =r i *0.1+p i *0.6+f i *0.2+u i *0.1 (9)。
2. the comprehensive evaluation method for the industrial control system vulnerability scanning tool according to claim 1, characterized in that: and setting a performance threshold in a scanning strategy to ensure that the influence on the operation of the industrial control system is controllable, and calculating the efficiency on the premise of controlling the influence on the industrial control system.
3. The comprehensive evaluation method for the industrial control system vulnerability scanning tool according to claim 1, characterized in that: and (4) selecting 1 to 2 representative assets in the industrial control system for scanning the industrial control system and calculating the subsequent scores.
4. The comprehensive evaluation method for the industrial control system vulnerability scanning tool according to claim 1, characterized in that: and calculating the score of the leak false alarm rate and the score of the leak missing report rate, wherein the lower the leak false alarm rate and the leak missing report rate are, the higher the score of the leak false alarm rate and the score of the leak missing report rate are.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110592209.1A CN113221108B (en) | 2021-05-28 | 2021-05-28 | Comprehensive evaluation method for industrial control system vulnerability scanning tool |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110592209.1A CN113221108B (en) | 2021-05-28 | 2021-05-28 | Comprehensive evaluation method for industrial control system vulnerability scanning tool |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113221108A CN113221108A (en) | 2021-08-06 |
CN113221108B true CN113221108B (en) | 2023-02-07 |
Family
ID=77099110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110592209.1A Active CN113221108B (en) | 2021-05-28 | 2021-05-28 | Comprehensive evaluation method for industrial control system vulnerability scanning tool |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113221108B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115292720A (en) * | 2022-09-28 | 2022-11-04 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning engine evaluation method, device, equipment and medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106971109A (en) * | 2017-03-24 | 2017-07-21 | 南开大学 | A kind of assessment strategy of the bug excavation method based on index weights |
CN107368417A (en) * | 2017-07-25 | 2017-11-21 | 中国人民解放军63928部队 | A kind of bug excavation technical testing model and method of testing |
CN109302423A (en) * | 2018-11-23 | 2019-02-01 | 杭州迪普科技股份有限公司 | A kind of vulnerability scanning aptitude tests method and apparatus |
CN110225018A (en) * | 2019-05-31 | 2019-09-10 | 江苏百达智慧网络科技有限公司 | A method of based on more equipment evaluation web application fragility |
CN111277555A (en) * | 2018-12-05 | 2020-06-12 | 中国移动通信集团河南有限公司 | Vulnerability false alarm screening method and device |
CN112818351A (en) * | 2021-01-18 | 2021-05-18 | 哈尔滨工业大学(威海) | Industrial control system-oriented vulnerability priority analysis method, system, equipment and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100817799B1 (en) * | 2006-10-13 | 2008-03-31 | 한국정보보호진흥원 | System and method for network vulnerability analysis using the multiple heterogeneous scanners |
-
2021
- 2021-05-28 CN CN202110592209.1A patent/CN113221108B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106971109A (en) * | 2017-03-24 | 2017-07-21 | 南开大学 | A kind of assessment strategy of the bug excavation method based on index weights |
CN107368417A (en) * | 2017-07-25 | 2017-11-21 | 中国人民解放军63928部队 | A kind of bug excavation technical testing model and method of testing |
CN109302423A (en) * | 2018-11-23 | 2019-02-01 | 杭州迪普科技股份有限公司 | A kind of vulnerability scanning aptitude tests method and apparatus |
CN111277555A (en) * | 2018-12-05 | 2020-06-12 | 中国移动通信集团河南有限公司 | Vulnerability false alarm screening method and device |
CN110225018A (en) * | 2019-05-31 | 2019-09-10 | 江苏百达智慧网络科技有限公司 | A method of based on more equipment evaluation web application fragility |
CN112818351A (en) * | 2021-01-18 | 2021-05-18 | 哈尔滨工业大学(威海) | Industrial control system-oriented vulnerability priority analysis method, system, equipment and storage medium |
Non-Patent Citations (2)
Title |
---|
10种漏洞扫描工具;陆静;《计算机与网络》;20200812(第15期);全文 * |
一种评估漏洞扫描工具效果的测试集生成方法;周鹏等;《科技视界》;20180625(第18期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN113221108A (en) | 2021-08-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100412871C (en) | System and method to generate domain knowledge for automated system management | |
CN114493213A (en) | Carbon emission data acquisition and processing method based on Internet of things | |
US20190361759A1 (en) | System and method to identify failed points of network impacts in real time | |
CN107430398A (en) | System and method for tuning process modeling | |
JP2018511875A (en) | Advanced data cleansing system and method | |
CN116992399B (en) | Power equipment operation and maintenance assessment method based on power data analysis | |
CN113221108B (en) | Comprehensive evaluation method for industrial control system vulnerability scanning tool | |
CN112418682B (en) | Safety evaluation method for fusion of multi-source information | |
CN116028887B (en) | Analysis method of continuous industrial production data | |
CN117008479B (en) | Carbon emission optimization control method and system based on biomass gasification furnace | |
CN116186936B (en) | Method, system, equipment and medium for determining continuous casting process parameters | |
CN116664113A (en) | Intelligent safety supervision system for electric power metering standardized operation | |
CN117056688A (en) | New material production data management system and method based on data analysis | |
WO2021142622A1 (en) | Method for determining cause of defect, and electronic device, storage medium, and system | |
CN117032120A (en) | Integrated intelligent cloud control system and control method for air compression station | |
CN114338348A (en) | Intelligent alarm method, device, equipment and readable storage medium | |
US8340800B2 (en) | Monitoring a process sector in a production facility | |
CN115660696A (en) | Animal individual tracing consensus method with data verification function | |
CN117520184A (en) | Test system for developing computer software | |
Thabet et al. | Intelligent energy management of compressed air systems | |
CN116701846A (en) | Hydropower station dispatching operation data cleaning method based on unsupervised learning | |
CN115618353B (en) | Industrial production safety identification system and method | |
CN110427316A (en) | Embedded software defect-restoration method therefor based on access behavior perception | |
CN115575579A (en) | Carbon monitoring method and system based on monitoring source analysis | |
CN112732773B (en) | Method and system for checking uniqueness of relay protection defect data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |