CN113315767B - Electric power internet of things equipment safety detection system and method - Google Patents


Publication number
CN113315767B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110576361.0A
Other languages
Chinese (zh)
Other versions
CN113315767A (en
Inventor
刘冬兰
刘新
马雷
张昊
王睿
张方哲
苏冰
于灏
王勇
刘晗
焦洋
陈剑飞
常英贤
郭山清
胡程瑜
姚洪磊
李华东
张用
秦佳峰
赵勇
吕国栋
井俊双
王晓峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Priority to CN202110576361.0A
Publication of CN113315767A
Application granted
Publication of CN113315767B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention belongs to the technical field of Internet of Things security and discloses a security detection system for electric power Internet of Things equipment. The system comprises a system home page module, a security detection module, a knowledge base module, a reporting module and a system management module. The system home page module lets a user check the various index data of the system. The security detection module includes a device identification module, a vulnerability scanning module, a configuration checking module and a firmware detection module. The knowledge base module comprises a device library, a vulnerability library, a configuration library and a firmware library. The reporting module registers date, label and classification according to the data in the knowledge base and presents them to the user through a statistical report. The system management module provides a system configuration entry for the user. With the system provided by the invention, a user can rapidly and efficiently carry out security detection on electric power Internet of Things equipment and decide on that basis whether the equipment or system is allowed to access the electric power system network, so that the security risks and hidden dangers caused by connecting Internet of Things equipment to the network are avoided.

Description

Electric power internet of things equipment safety detection system and method
Technical Field
The invention relates to the technical field of safety of the Internet of things, in particular to a safety detection system of electric power Internet of things equipment suitable for the electric power industry, and also relates to a safety detection method of the electric power Internet of things equipment suitable for the electric power industry.
Background
With the continuous improvement of China's informatization level, the informatization and intelligent construction of the electric power system, a key infrastructure bearing on national security, has developed rapidly. As a result, a large number of electric power system Internet of Things devices have been introduced and applied to important work such as device control, data acquisition and environment monitoring of the power grid. On the one hand, this has greatly improved the informatization and intelligence level of the power grid; on the other hand, it has introduced a large number of information security vulnerabilities, which pose a great threat to the safe and stable operation of the power system.
Compared with the traditional Internet, electric power Internet of Things equipment is far greater in quantity and is physically deployed over a wider range. The risks it faces mainly comprise the following. First, electric power Internet of Things terminal equipment is generally scattered across unattended areas or various unsafe physical environments, where it can be physically damaged or captured. Second, the terminal operating system may carry security risks such as weak passwords, program vulnerabilities and a large number of open ports; it is easily infected with malicious software, subjected to destructive or denial-of-service attacks, or even illegally controlled to form a botnet. Third, the communication protocols adopted by the terminals are many and varied, and some of them were designed without security in mind or have security design defects, so that data in transit is exposed to interception, hijacking, tampering, cracking and replay by a man in the middle. Fourth, unrepaired security vulnerabilities in the terminal equipment can be exploited by illegal personnel or organizations, causing large-area faults of the electric power system and greatly affecting the stable operation of the economy and society.
At present, the detection of electric power system Internet of Things equipment by the national power grid company is mainly focused on function detection, performance detection, quality detection and the like, and no platform or system capable of performing security detection on electric power Internet of Things terminal equipment has yet been established. In addition, the Internet of Things equipment of the electric power system differs in function, comes in many types and is implemented in many technical ways, so general tools and methods can hardly support an effective evaluation of the information security of the equipment. The security vulnerabilities introduced by electric power system Internet of Things equipment are thus in a "black hole" state that cannot be evaluated, which seriously threatens the safe and stable operation of the power grid system.
Therefore, how to provide a safety detection system for electric power internet of things equipment and ensure safe and stable operation of a power grid system is a problem to be solved at present.
Disclosure of Invention
In order to solve the problems, the invention discloses a system and a method for detecting the safety of electric power Internet of things equipment. The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview and is intended to neither identify key/critical elements nor delineate the scope of such embodiments. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
According to a first aspect of an embodiment of the present invention, there is provided a security detection system for an electric power internet of things device.
In one embodiment, the power internet of things device security detection system includes:
a system home page module, a security detection module, a knowledge base module, a reporting module and a system management module; wherein:
the system home page module comprises various charts and is used for a user to check various index data of the system;
the security detection module includes: the device comprises a device identification module, a vulnerability scanning module, a configuration checking module and a firmware detection module;
the equipment identification module is used for identifying the electric power Internet of things equipment, displaying basic information of the detected/to-be-detected equipment, and rapidly carrying out safety detection or retest through the list operation column;
the vulnerability scanning module is used for carrying out vulnerability scanning on the terminal equipment, the operating system and the application of the Internet of things according to actual scene configuration or the checking requirement of the equipment of the Internet of things;
the configuration checking module is used for carrying out security configuration checking on host equipment in the target power internet of things and the industrial control system;
the firmware detection module is used for carrying out automatic format recognition, unpacking processing and analysis on the uploaded firmware to obtain the information of the firmware size, the processor and the file system, and recognizing the security risk;
The knowledge base module is used for recording specific checking knowledge information, including a device base, a vulnerability base, a configuration base and a firmware base;
the report module is used for registering date, label and classification according to the data in the knowledge base and presenting the date, label and classification to the user through a statistical report;
the system management module comprises a user management module, an operation recording module and a basic configuration module, and provides a system configuration inlet for a user.
Optionally, the vulnerability scanning module performs vulnerability scanning on the terminal device, the operating system and the application of the internet of things according to actual scene configuration or the requirement of checking the device of the internet of things.
Optionally, if one detection scene has a plurality of devices, setting a plurality of configuration check templates according to the scene, performing vulnerability scanning on the plurality of devices, and then performing association to generate a security detection report of the scene.
Optionally, the vulnerability scanning module includes a new scan task module and a task list module;
the newly-built scanning task module establishes a vulnerability scanning task for the equipment to be detected;
and the task list module displays the detail detection progress or the detection result.
Optionally, the configuration checking module comprises a new task module and a task list module;
the new task module can add configuration checking tasks;
The task list module comprises a device/task name, a starting time, an ending time, a task address, a task state, an operation and a checking result.
Optionally, the firmware detection module includes a new task module and a firmware list module;
the new task module is used for uploading the firmware, analyzing the firmware after the firmware information is uploaded to the system, and starting to detect the firmware if the firmware analysis is successful;
the firmware list module comprises a firmware name, task time, task state, operation and checking results.
Optionally, the firmware security analysis process includes:
vulnerability detection, namely judging whether similar vulnerabilities exist in new firmware or not through similarity detection or a correlation algorithm based on known firmware vulnerabilities;
static analysis and dynamic analysis;
depending on the analysis component, a set of constraints for the firmware is generated, and the constraints are analyzed by an analyzer to output an analysis result.
Optionally, the equipment library comprises various detection equipment information;
the vulnerability database comprises industrial control vulnerabilities in a public vulnerability database;
the configuration library consists of specific checking knowledge, including the checking method, the basis for judging checking results and the risk prompt given when a result does not conform; it solidifies the implementation experience, expert knowledge and analysis models of electric power Internet of Things and industrial control security checking work, and automatically analyzes tool checking results.
Optionally, the security detection system of the electric power Internet of Things equipment further comprises a protocol detection module, which monitors a specified IP, specified ports or all traffic and analyzes the protocols present in that traffic.
According to a second aspect of the invention, a security detection system for electric power internet of things equipment is provided.
In one embodiment, the architecture of the system comprises a basic platform layer, a system service layer, a system core layer and a system access layer from bottom to top;
the basic platform layer is composed of a hardware platform and a software environment for supporting the system to operate;
the system service layer is composed of a security detection engine and a knowledge base module, and performs various security detection tasks according to the service flow;
the system core layer comprises a device identification module, a vulnerability scanning module, a configuration checking module, a firmware detection module and a reporting module; the system core layer utilizes a knowledge base of the service layer to accurately identify and detect the electric power Internet of things equipment;
the system access layer is composed of a Web management interface and a data interface and is used for receiving various operation instructions of a user and returning a system operation result.
According to a third aspect of the embodiment of the invention, a method for detecting the safety of electric power Internet of things equipment is provided.
In one embodiment, the method is based on the system in the above embodiments, and includes the following steps:
step S1, creating a device identification task, adding the electric power Internet of Things equipment to be detected, automatically scanning the equipment to be detected using the device fingerprint information integrated in the device library, and adding the identified equipment to a device list;
step S2, scanning the equipment under test for vulnerabilities and identifying them using the vulnerability information integrated in the vulnerability library;
step S3, performing a configuration check on the equipment under test using the system configuration standards integrated in the configuration library;
step S4, collecting the vulnerability scanning and configuration checking results of a single device into a device security detection report;
step S5, where a plurality of devices exist in the system, associating the detection results of the single devices as a scene to form a security detection report for a typical application scene of the electric power Internet of Things;
step S6, the user uploading a firmware file of the device to the system, and the system analyzing the firmware, matching and correlating it with the existing information in the firmware library to form a firmware detection result, and outputting a firmware security detection report.
Optionally, in step S1, the device identification step is implemented using hybrid device fingerprinting, which comprises an active acquisition part and a server-side algorithm generation part: an SDK and JS are implanted and instrumentation points are embedded in fixed service scenes, so that active acquisition of the required elements is triggered passively; the acquired elements are exchanged with the server, obfuscated and encrypted using a hash algorithm, and a unique device fingerprint ID is generated at the server and written into the application cache or browser cookie.
Optionally, in the step S1, a protocol analysis step is further included, and the protocol analysis step is implemented by adopting a combination of recognition based on a TCP/UDP port, recognition based on a message load characteristic, detection and recognition based on a correlation analysis, and recognition based on a behavior characteristic.
Optionally, in the step S2, the vulnerability scanning step provides vulnerability analysis and repair suggestions for the administrator before the information system is compromised by detecting vulnerability problems existing in the device information system.
Optionally, in the step S3, the configuration checking step supports the multiple protocol telnet target system to perform the baseline check.
Optionally, in the step S6, the firmware security analysis process includes:
a vulnerability detection step of judging, based on known firmware vulnerabilities, whether similar vulnerabilities exist in the new firmware through similarity detection or a correlation algorithm;
an analysis step including static analysis and dynamic analysis;
and a symbolic execution step of relying on a disassembly engine, an instrumentation engine and a solver to generate a constraint set for the firmware, the constraints being analyzed by an analyzer to output an analysis result.
According to a fourth aspect of the present invention, a computer device is provided.
In an embodiment the computer device comprises a memory storing a computer program and a processor, characterized in that the processor implements the steps of the method when executing the computer program.
The technical scheme provided by the embodiment of the invention can have the following beneficial effects:
based on key technologies such as device fingerprinting, network protocol identification and firmware security analysis, comprehensive security analysis is carried out on electric power Internet of Things equipment from several angles, such as vulnerability condition, configuration security and firmware security, so that security detection of the equipment is realized, and the automated system design greatly improves the efficiency with which users carry out security detection of Internet of Things terminal equipment;
through the electric power Internet of Things equipment security detection system, a user can rapidly and efficiently carry out security detection on electric power Internet of Things equipment and decide on that basis whether the equipment or system is allowed to access the electric power system network, avoiding the security risks and hidden dangers caused by connecting Internet of Things equipment to the network.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system block diagram of a power internet of things device security detection system, shown in accordance with an exemplary embodiment;
FIG. 2 is a flowchart illustrating the operation of a security detection module according to an exemplary embodiment;
FIG. 3 is a flowchart illustrating the operation of the configuration verification module and the vulnerability scanning module in accordance with an exemplary embodiment;
FIG. 4 is a flowchart illustrating the operation of a firmware detection module according to an exemplary embodiment;
FIG. 5 is a flowchart illustrating a method of security detection for a power internet of things device, according to an example embodiment;
FIG. 6 is a system architecture diagram of a power internet of things device security detection system, according to an example embodiment;
FIG. 7 is a schematic diagram of a computer device shown according to an example embodiment.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments herein to enable those skilled in the art to practice them. Portions and features of some embodiments may be included in, or substituted for, those of others. The scope of the embodiments herein includes the full scope of the claims, as well as all available equivalents of the claims. The terms "first," "second," and the like herein are used merely to distinguish one element from another element and do not require or imply any actual relationship or order between the elements. Indeed the first element could also be termed a second element and vice versa. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a structure, apparatus, or device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such structure, apparatus, or device. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a structure, apparatus or device comprising the element. Various embodiments are described herein in a progressive manner, each embodiment focusing on its differences from the other embodiments; for identical and similar parts, the embodiments may be referred to one another.
The terms "longitudinal," "transverse," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like herein refer to an orientation or positional relationship based on that shown in the drawings, merely for ease of description herein and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operate in a particular orientation, and thus are not to be construed as limiting the invention. In the description herein, unless otherwise specified and limited, the terms "mounted," "connected," and "coupled" are to be construed broadly, and may be, for example, mechanically or electrically coupled, may be in communication with each other within two elements, may be directly coupled, or may be indirectly coupled through an intermediary, as would be apparent to one of ordinary skill in the art.
Herein, unless otherwise indicated, the term "plurality" means two or more.
Herein, the character "/" indicates that the objects before and after it are in an "or" relationship. For example, A/B represents: A or B.
Herein, the term "and/or" describes an association between objects and means that three relations may exist. For example, A and/or B represents: A, or B, or A and B.
Fig. 1 illustrates an alternative embodiment of the power internet of things device security detection system of the present invention.
In this alternative embodiment, the power internet of things device security detection system includes: the system comprises a system home page module, a security detection module, a knowledge base module, a reporting module and a system management module.
The system home page module comprises various charts with which a user checks the index data of the system, including: equipment running state statistics, knowledge base content statistics, access IP conditions and the latest detection tasks.
The security detection module includes: the device comprises a device identification module, a vulnerability scanning module, a configuration checking module and a firmware detection module.
The knowledge base module is used for recording specific checking knowledge information, including a device base, a vulnerability base, a configuration base, a firmware base and the like.
The device library comprises information on the various devices detected. The vulnerability library comprises industrial control vulnerabilities from public vulnerability databases such as CVE, CNNVD and CNVD. The configuration library consists of specific checking knowledge, including the checking method, the basis for judging checking results and the risk prompt given when a result does not conform; it solidifies a great amount of implementation experience, expert knowledge and analysis models from electric power Internet of Things and industrial control security checking work, automatically analyzes tool checking results, and provides professional checking knowledge and analysis results for the checking work. The firmware library comprises information on the firmware of the various Internet of Things devices that have been detected, including firmware name, firmware size, firmware SHA256, processor, file system and the like.
The reporting module registers contents such as date, label and classification according to the data in the knowledge base and presents them to the user through a statistical report, helping the user understand the security condition of every aspect of the equipment. The reporting module supports automatic generation of detection reports and export of reports in multiple formats such as Word, PDF and Excel.
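The following Python sketch is an added example, not code from the patent. It builds the firmware-library record described above (name, size, SHA256, processor, file system) from an uploaded image and matches it against existing library entries as in step S6. The U-Boot legacy header and file system signatures are assumptions about the firmware format, and the names FirmwareRecord, analyze_firmware, match_library and build_sample are hypothetical.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

UIMAGE_MAGIC = 0x27051956  # U-Boot legacy image header magic (big-endian)
UIMAGE_ARCH = {2: "ARM", 3: "x86", 5: "MIPS", 7: "PowerPC", 22: "ARM64"}
FS_MAGICS = [  # file system signatures searched for anywhere in the blob
    ("squashfs-le", b"hsqs"),
    ("squashfs-be", b"sqsh"),
    ("cramfs-le", b"\x45\x3d\xcd\x28"),
    ("ubi", b"UBI#"),
]


@dataclass
class FirmwareRecord:
    name: str
    size: int
    sha256: str
    container: Optional[str]
    processor: Optional[str]
    filesystems: List[Tuple[str, int]] = field(default_factory=list)


def analyze_firmware(name: str, blob: bytes) -> FirmwareRecord:
    """Recognize the container format and collect the library fields."""
    container = processor = None
    # A legacy uImage header is 64 bytes; the ih_arch byte sits at offset 29.
    if len(blob) >= 64 and struct.unpack(">I", blob[:4])[0] == UIMAGE_MAGIC:
        container = "uImage"
        processor = UIMAGE_ARCH.get(blob[29], "unknown(%d)" % blob[29])
    found = []
    for fs_name, magic in FS_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            # A 4-byte signature can also occur by chance inside compressed
            # data, so every hit is a candidate to confirm when unpacking.
            found.append((fs_name, pos))
            pos = blob.find(magic, pos + 1)
    found.sort(key=lambda item: item[1])
    return FirmwareRecord(name, len(blob), hashlib.sha256(blob).hexdigest(),
                          container, processor, found)


def match_library(rec: FirmwareRecord, library: List[FirmwareRecord]) -> str:
    """Correlate a new record with the firmware library (assumed policy)."""
    if any(entry.sha256 == rec.sha256 for entry in library):
        return "known"                       # byte-identical image already analyzed
    if any(entry.name == rec.name for entry in library):
        return "name-reused-different-hash"  # same name, different content
    return "new"


def build_sample() -> bytes:
    """Constructed sample: uImage header (MIPS) followed by a SquashFS magic."""
    header = struct.pack(">7I4B32s", UIMAGE_MAGIC, 0, 0, 0, 0, 0, 0,
                         5, 5, 2, 0, b"constructed-sample")
    return header + b"\x00" * 192 + b"hsqs" + b"\x00" * 60


if __name__ == "__main__":
    record = analyze_firmware("meter-gw.bin", build_sample())
    print(record)
    print(match_library(record, []))
```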
The system management module comprises a user management module, an operation recording module and a basic configuration module, and provides a system configuration inlet for a user.
In another embodiment, the security detection system of the electric power Internet of Things equipment further comprises a protocol detection module, which monitors a specified IP, specified ports or all traffic and analyzes the protocols present in that traffic. Industrial field-level protocols are supported, including mainstream protocols such as Modbus/TCP, S7, EtherNet/IP, IEC104, IEC61850/GOOSE, IEC61850/SV and MMS. The system supports two modes: automatic protocol identification and newly built tasks. In automatic identification, the system is connected to the detection environment, automatically captures all traffic in the environment and identifies the protocols in it. A newly built task captures the traffic of a specified IP and port and identifies the protocols in that traffic. The system also supports fuzzing according to a predetermined protocol script to detect protocol robustness.
The electric power Internet of Things equipment security detection system performs comprehensive security analysis on the equipment from the angles of vulnerability condition, configuration security, firmware security and the like, realizing detection of equipment security, and its automated design greatly improves the efficiency with which users carry out security detection of Internet of Things terminal equipment. Through the system, a user can rapidly and efficiently carry out security detection on electric power Internet of Things equipment and decide on that basis whether the equipment or system is allowed to access the electric power system network, avoiding the security risks and hidden dangers caused by connecting Internet of Things equipment to the network. The system effectively addresses the lack of an information security dimension in the evaluation of network access equipment, closes the security gap of electric power Internet of Things equipment being connected to the network without information security evaluation, effectively prevents the information security threats caused by the application of such equipment, and provides a basic information security guarantee for the safe and stable operation of the power grid.
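The following Python sketch is an added example, not code from the patent. It combines the TCP-port-based and message-payload-based recognition named for the protocol analysis step for three of the protocols listed above (Modbus/TCP, S7 and IEC104), using the port to resolve payloads that parse as more than one protocol. The names classify and Verdict are hypothetical, and all frames are constructed samples.

```python
import struct
from typing import NamedTuple, Optional

# Default server ports, used as the port-based hint.
PORT_HINTS = {502: "Modbus/TCP", 102: "S7", 2404: "IEC104"}
# IEC 60870-5-104 U-format control octets: STARTDT, STOPDT, TESTFR (act/con).
IEC104_U_CONTROL = {0x07, 0x0B, 0x13, 0x23, 0x43, 0x83}


class Verdict(NamedTuple):
    protocol: Optional[str]
    basis: str  # "port+payload", "payload", "payload-ambiguous", "port", "none"


def is_modbus_tcp(p: bytes) -> bool:
    # MBAP header: transaction id, protocol id (always 0), length, unit id.
    if len(p) < 8:
        return False
    _tid, proto, length = struct.unpack(">HHH", p[:6])
    return proto == 0 and length == len(p) - 6 and (p[7] & 0x7F) != 0


def is_s7(p: bytes) -> bool:
    # TPKT (version 3, reserved 0, total length) + COTP DT + S7 protocol id 0x32.
    if len(p) < 8 or p[0] != 0x03 or p[1] != 0x00:
        return False
    if struct.unpack(">H", p[2:4])[0] != len(p) or p[5] != 0xF0:
        return False
    s7_offset = 5 + p[4]  # 4 TPKT bytes + COTP length octet + COTP header
    return len(p) > s7_offset and p[s7_offset] == 0x32


def is_iec104(p: bytes) -> bool:
    # APCI: start octet 0x68, APDU length, four control octets.
    if len(p) < 6 or p[0] != 0x68:
        return False
    apdu_len, cf1 = p[1], p[2]
    if not 4 <= apdu_len <= 253 or len(p) < apdu_len + 2:
        return False
    if cf1 & 0x01 == 0:          # I-format carries an ASDU after the APCI
        return apdu_len > 4
    if cf1 & 0x03 == 0x01:       # S-format is exactly the APCI
        return apdu_len == 4
    return apdu_len == 4 and cf1 in IEC104_U_CONTROL  # U-format


MATCHERS = [("Modbus/TCP", is_modbus_tcp), ("S7", is_s7), ("IEC104", is_iec104)]


def classify(dst_port: int, payload: bytes) -> Verdict:
    matches = [name for name, matcher in MATCHERS if matcher(payload)]
    hint = PORT_HINTS.get(dst_port)
    if hint in matches:
        return Verdict(hint, "port+payload")   # both features agree
    if matches:
        # Protocol seen on a non-default port; worth reporting to the operator.
        basis = "payload" if len(matches) == 1 else "payload-ambiguous"
        return Verdict(matches[0], basis)
    if hint:
        return Verdict(hint, "port")           # port only: low confidence
    return Verdict(None, "none")


# Constructed sample frames.
MODBUS_READ = bytes.fromhex("00010000000601030000000a")  # read holding registers
S7_SETUP = bytes.fromhex("0300001902f080" "32010000000000080000" "f0000001000101e0")
IEC104_STARTDT = bytes.fromhex("680407000000")          # STARTDT act
AMBIGUOUS = bytes.fromhex("680a0000000601030000000a")   # parses as Modbus and IEC104

if __name__ == "__main__":
    for port, frame in [(502, MODBUS_READ), (10502, MODBUS_READ), (102, S7_SETUP),
                        (2404, IEC104_STARTDT), (502, AMBIGUOUS), (2404, AMBIGUOUS)]:
        print(port, classify(port, frame))
```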
Fig. 2 shows the workflow of the security detection module.
The device identification module identifies the various electric power Internet of Things devices using several different device identification technologies, displays basic information on the detected and to-be-detected devices, and allows security detection or retest to be started quickly from the operation column of the list. When a device is powered on and connected to the network for detection, the device identification process supports three modes: automatic identification, manual addition and batch import. Optionally, the device identification module is connected to the detection environment and obtains the device information by active scanning. Alternatively, the device identification module obtains the device information through manual entry. Optionally, the device identification module imports the device information in batches from an Excel table.
Fig. 3 shows the workflow of the configuration checking module and the vulnerability scanning module.
The configuration checking module carries out security configuration checks on host equipment in the target electric power Internet of Things and industrial control system. The security configuration check mainly covers basic information, account password policies, user rights, security audit, shared directories, running services, running processes, installed update programs, installed software, port information, network card information, access control, vulnerability information and the like, and helps both the checking unit and the checked unit find unsafe configuration policies and behaviors in time.
The configuration checking module supports the user uploading extracted firmware to the system database through the upload interface. The configuration checking module can identify information such as firmware format, name and version, open source components and release time; for similar firmware, it supports automatic detection, including functions such as firmware format identification, open source component identification and key security.
The configuration checking module comprises a new task module and a task list module. The new task module may add configuration checking tasks. The task list module includes device/task name, start time, end time, task address, task status, operations (pause scan, continue scan, end task, delete task, rescan), audit results (base information, account password policies, user permissions, security audits, shared directory, running services, running processes, installed program software, port information, network card information), etc.
The vulnerability scanning module is used for detecting the various vulnerability problems in the information system, including security vulnerabilities, security configuration problems, non-compliant behavior and the like, providing professional and effective vulnerability analysis and repair suggestions for an administrator before the information system is compromised, and, in combination with a trusted vulnerability management process, carrying out early warning, scanning, repair and auditing of vulnerabilities. The vulnerability scanning module scans the Internet of Things terminal devices, operating systems, applications and the like for vulnerabilities according to the actual scene configuration or the checking requirements of the Internet of Things devices. If one detection scene has a plurality of devices, a plurality of configuration checking templates can be set according to the scene, vulnerability scanning is carried out on the plurality of devices, and the results are then associated to generate a security detection report of the scene; after scanning, contents such as the scene name, security score, threat level and last update time of the configuration check are displayed.
The vulnerability scanning module comprises a new scanning task module and a task list module. The new scanning task module creates a vulnerability scanning task for the device to be detected. The task list shows the detailed detection progress or detection result, including device/task name, start time, end time, task address, port number, task status, operation (pause scan, continue scan, end task, delete task, rescan), scan result (device identification, operating system information and vulnerabilities, port open status and vulnerabilities, number of vulnerabilities, threat level), etc.
Fig. 4 shows the workflow of the firmware detection module.
The firmware detection module comprises a new task module and a firmware list module. The new task module is used for uploading firmware: after firmware information obtained by manual analysis or disclosed on the network is uploaded to the system, the firmware is parsed, and if parsing succeeds, detection of the firmware starts. Similar firmware supports automatic detection, including functions such as firmware format identification, CVE vulnerability detection, configuration file verification, open source component identification and key security. The firmware list module comprises the firmware name, task time, task state, operation (pause scan, continue scan, end task, delete task, rescan), checking result and the like. The checking result comprises basic information of the firmware and statistics of the detected firmware results, wherein the basic information of the firmware comprises the firmware name, firmware size, firmware SHA, processor, file system and detection time; the result statistics comprise CVE vulnerabilities, configuration risks, key security, sensitive information leakage, code security, high-risk/medium-risk/low-risk vulnerabilities and the like.
The firmware detection module is used for carrying out automatic format recognition, unpacking and analysis on the uploaded firmware, obtaining information such as the firmware size, processor and file system, recognizing security risks such as software security vulnerabilities and certificate risks, detecting and confirming whether the firmware information detection, security risk detection, third-party component detection and the like meet the requirements of the applicable compliance specifications and clauses, and providing corrective suggestions for the non-compliant items found. By means of firmware comparison and analysis, vulnerability scanning, detection of introduced components, file analysis and the like, the system discovers potential vulnerabilities and unknown security hazards in time, avoids serious vulnerabilities in advance, and keeps the referenced third-party components under clear control.
Firmware acquisition and analysis is typically the first step in performing firmware security analysis. Optionally, the firmware is acquired through a debug interface, such as a JTAG interface or a UART debug port. Optionally, the firmware is acquired by simulating device behavior: based on the data format and interaction protocol of the communication, the cloud side is deceived by modifying parameters such as the device model or version number, and an OTA update request is sent to obtain a download link for the firmware. Optionally, the firmware is acquired online, by accessing the website of the device manufacturer to obtain publicly available firmware, and by analyzing network communication traffic.
Optionally, the firmware security analysis process includes: (1) vulnerability detection, in which, based on known firmware vulnerabilities, similarity detection or a correlation algorithm is used to judge whether similar vulnerabilities exist in new firmware; for backdoor vulnerabilities, the detection mainly checks whether high-risk configuration options such as weak passwords and hard-coded values exist in the firmware; (2) analysis methods, comprising static analysis and dynamic analysis, where static analysis is the current mainstream and has better applicability but suffers from false positives, which need to be compensated by combining it with dynamic analysis; (3) symbolic execution, which relies on analysis components such as a disassembly engine, an instrumentation engine and a solver to generate a set of constraints for the firmware, and the analyzer solves the constraints to output the analysis results.
Based on the system, the embodiment of the invention also provides a safety detection method of the electric power internet of things equipment, as shown in fig. 5, comprising the following steps:
step S1, a user first creates a device identification task and adds the electric power Internet of Things devices to be detected; the devices or systems to be detected are scanned automatically using the device fingerprint information integrated in the device library, and the identified devices are added to a device list;
step S2, utilizing the vulnerability information integrated in the vulnerability database to scan and identify the vulnerabilities of the device to be tested;
step S3, performing configuration check on the equipment to be tested by utilizing the system configuration standard integrated in the standard configuration library;
step S4, collecting vulnerability scanning and configuration checking results of a single device into a device security detection report;
step S5, under the condition that a plurality of devices exist in the system, the detection result of a single device is associated as a scene to form a security detection report of a typical application scene of the electric power Internet of things;
and step S6, a user uploads a firmware file of the device to the system, the system parses the firmware, matches and correlates it with the existing information in the firmware library to form a firmware detection result, and outputs a firmware security detection report.
Optionally, in step S1, once the device is powered on and its network access is detected, the device identification process supports three modes: automatic identification, manual addition and batch import. In the automatic identification mode, the device is connected to the device security detection environment and its information is obtained by active scanning. In the manual addition mode, the device information is entered manually before detection. In the batch import mode, device information is imported in batches through Excel, and the Excel batch import template is designed in advance according to the information required for system device detection. The method accurately identifies each component module of the industrial control system through the fingerprints of industrial control equipment, and currently supports identification of PLC, DCS, SCADA and the like from well-known domestic and foreign manufacturers such as Siemens, Schneider, Rockwell, ABB, Emerson, Beckhoff, oncomelania, Taida, Heshi, Mitsubishi, Honeywell and Yiweisi.
Optionally, the above device list includes device name, vendor, IP, model/version, operating system, time added, mode of addition, and operation (vulnerability scanning, configuration checking, modification, deletion). The device identification step supports rapid and non-destructive discovery of Internet of Things intelligent terminal devices such as Internet of Things equipment, industrial control equipment, smart electricity meters and cameras across a very large network space.
Optionally, in the device identification step, the device identification function is implemented using device fingerprinting. A device fingerprint is the identifying information that a device carries in the course of communication, and it can be used to distinguish different devices. The device identification step adopts hybrid device fingerprinting, which has an active collection part and a server-side algorithmic generation part. An SDK and JS are embedded and instrumentation points are placed in fixed service scenarios; when a point is passively triggered, the elements to be collected are actively gathered and exchanged with the server, which, after obfuscation and encryption using a hash algorithm, generates a unique device fingerprint ID and at the same time writes the unique ID into the application cache or a browser cookie. Within a certain period, when the user again uses a page carrying the corresponding instrumentation point, the collected elements do not need to be re-uploaded in bulk; only the proportion of changed elements is compared, a confidence value is calculated by weighted comparison, and a threshold decides whether the device fingerprint is regenerated.
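The server-side part of this scheme, ID generation followed by the weighted confidence comparison on a return visit, can be illustrated as follows. This is an added example, not code from the patent; the element names, weights, threshold value, key and the use of HMAC-SHA-256 as the hash step are all assumptions.

```python
import hashlib
import hmac
import json

# Assumed element weights: traits that rarely change on a real device weigh
# more than traits that drift with routine updates. Values are illustrative.
WEIGHTS = {"mac_oui": 3.0, "cpu_arch": 3.0, "screen": 1.0,
           "os_version": 1.0, "user_agent": 0.5, "timezone": 0.5}
THRESHOLD = 0.8                       # assumed confidence threshold
SERVER_KEY = b"constructed-demo-key"  # placeholder; a real key stays server-side

# Constructed sample of elements collected at first contact.
BASELINE = {"mac_oui": "00:0E:8C", "cpu_arch": "armv7", "screen": "800x480",
            "os_version": "4.19.1", "user_agent": "agent/2.0", "timezone": "UTC+8"}


def fingerprint_id(elements, key=SERVER_KEY):
    """Keyed hash over a canonical encoding of the collected elements."""
    canonical = json.dumps(elements, sort_keys=True, separators=(",", ":"))
    digest = hmac.new(key, canonical.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:32]


def confidence(stored, observed, weights=WEIGHTS):
    """Weighted share of stored elements that the new observation still matches."""
    total = matched = 0.0
    for name, value in stored.items():
        weight = weights.get(name, 1.0)
        total += weight
        if observed.get(name) == value:
            matched += weight
    return matched / total if total else 0.0


class FingerprintServer:
    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.devices = {}  # fingerprint ID -> elements seen at enrolment

    def enroll(self, elements):
        device_id = fingerprint_id(elements)
        self.devices[device_id] = dict(elements)
        return device_id

    def revisit(self, cached_id, observed):
        """Return (device_id, confidence, regenerated) for a returning client."""
        stored = self.devices.get(cached_id)
        if stored is None:              # unknown or forged cached ID
            return self.enroll(observed), 0.0, True
        score = confidence(stored, observed)
        if score >= self.threshold:     # small drift: same device, keep the ID
            return cached_id, score, False
        # Too much changed. The old record is kept, so a copied cookie that is
        # presented by another device cannot displace the original enrolment.
        return self.enroll(observed), score, True
```

With these assumed weights, an update of os_version and user_agent leaves the confidence at 7.5/9 and the ID is kept, while a change of mac_oui and cpu_arch drops it to 3/9 and a new ID is issued.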
Optionally, step S1 further includes a protocol analysis step, which is implemented using identification based on TCP/UDP ports, identification based on packet payload features, detection and identification based on correlation analysis, identification based on behavior features, and the like. Conventional application protocol identification algorithms identify protocols using TCP/UDP ports only. To improve the accuracy of application protocol identification, the protocol analysis step of the invention identifies the application layer protocol from the payload of the network packets. Using correlation-analysis detection and identification together with TCP/UDP port-based identification can greatly improve the accuracy of application protocol identification. Identification based on behavior features applies statistical principles: according to the statistical characteristics of application protocol data flows, information such as the packet length, connection rate and number of bytes transmitted of a data connection flow is compared with the traffic feature models of known reference samples, thereby identifying the application type.
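The difference between port-based and payload-based identification, and the value of correlating the two, can be illustrated as follows. This is an added example, not code from the patent; the choice of Modbus/TCP, IEC 60870-5-104, SSH and HTTP as the protocols, the confidence labels and the sample messages are assumptions, and behavior-feature identification is not covered.

```python
# Well-known port assignments used for the port-based guess.
PORT_HINTS = {22: "ssh", 80: "http", 502: "modbus-tcp", 2404: "iec-104"}
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

# Constructed sample messages.
MODBUS_READ = bytes.fromhex("00010000000601030000000a")  # read holding registers
IEC104_STARTDT = bytes.fromhex("680407000000")           # STARTDT act U-frame
SSH_BANNER = b"SSH-2.0-example\r\n"


def by_port(port):
    return PORT_HINTS.get(port)


def looks_like_modbus_tcp(data):
    """MBAP header: transaction id (2), protocol id (2) = 0, length (2), unit id (1)."""
    if len(data) < 8:
        return False
    protocol_id = int.from_bytes(data[2:4], "big")
    length = int.from_bytes(data[4:6], "big")  # bytes following the length field
    function = data[7] & 0x7F                  # high bit marks an exception reply
    return protocol_id == 0 and length == len(data) - 6 and function != 0


def looks_like_iec104(data):
    """APCI: start octet 0x68, APDU length (4..253), four control octets."""
    return (len(data) >= 6 and data[0] == 0x68
            and 4 <= data[1] <= 253 and len(data) >= 2 + data[1])


def by_payload(data):
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(HTTP_PREFIXES):
        return "http"
    if looks_like_modbus_tcp(data):
        return "modbus-tcp"
    if looks_like_iec104(data):
        return "iec-104"
    return None


def identify(port, data):
    """Correlate both guesses; the payload wins when the two disagree."""
    port_guess, payload_guess = by_port(port), by_payload(data)
    if payload_guess and payload_guess == port_guess:
        verdict, confidence = payload_guess, "high"
    elif payload_guess:
        verdict, confidence = payload_guess, "medium"
    else:
        verdict, confidence = port_guess, "low"
    mismatch = bool(port_guess and payload_guess and port_guess != payload_guess)
    return {"port_guess": port_guess, "payload_guess": payload_guess,
            "protocol": verdict, "confidence": confidence, "mismatch": mismatch}
```

A result with mismatch set, such as an SSH banner on port 2404, is worth surfacing in the detection report, because a port-only identifier would have recorded that service as IEC 104.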
Optionally, in the step S2, the vulnerability scanning step provides professional and effective vulnerability analysis and repair suggestions for the administrator before the information system is compromised by detecting various vulnerability problems existing in the device information system, including various system vulnerabilities, device vulnerabilities, malicious codes, trojan backdoors, weak password guesses, and the like.
Optionally, in step S3, the configuration checking step supports remote login to the target system over multiple protocols, including Telnet, SSH and the like, to perform baseline checking, and provides dedicated configuration checking tools for dedicated power network systems; by performing security checks and compliance rectification on the system environment of a typical electric power Internet of Things application scenario, it helps the user to find configuration defects in the network and applications.
Optionally, in step S6, the firmware security analysis process includes: (1) a vulnerability detection step, in which, based on known firmware vulnerabilities, similarity detection or a correlation algorithm is used to judge whether similar vulnerabilities exist in new firmware; for backdoor vulnerabilities, the detection mainly checks whether high-risk configuration options such as weak passwords and hard-coded values exist in the firmware; (2) an analysis step comprising static analysis and dynamic analysis, where static analysis is the current mainstream and has better applicability but suffers from false positives, which are compensated by combining it with dynamic analysis; (3) a symbolic execution step, which relies on analysis components such as a disassembly engine, an instrumentation engine and a solver to generate a set of constraints for the firmware, and the analyzer solves the constraints to output the analysis result.
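The automatic format recognition performed by the firmware detection module and the check for weak passwords and hard-coded values in step S6 can be illustrated as follows. This is an added example, not code from the patent; the signature table, the regular expressions, the weak-password list, the severity labels and the constructed sample image are assumptions, and the risk check runs on already unpacked bytes.

```python
import hashlib
import re

# Magic numbers of common firmware containers, file systems and executables.
MAGICS = {b"\x27\x05\x19\x56": "uImage", b"hsqs": "SquashFS",
          b"UBI#": "UBI", b"\x1f\x8b\x08": "gzip", b"\x7fELF": "ELF"}
# ELF e_machine values mapped to processor families.
ELF_MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM",
                62: "x86-64", 183: "AArch64", 243: "RISC-V"}
# passwd-style line: name:password:uid:gid:
PASSWD_LINE = re.compile(rb"^([a-z_][a-z0-9_-]*):([^:\n]*):\d+:\d+:", re.M)
PRIVATE_KEY = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
HARDCODED = re.compile(rb"(?i)(?:passw(?:or)?d|pwd)\s*=\s*[\"']?([^\s\"'&;]+)")
WEAK_PASSWORDS = {b"admin", b"root", b"password", b"123456"}  # assumed short list


def find_signatures(blob):
    """Return (offset, format) for every known magic number in the image."""
    hits = []
    for magic, label in MAGICS.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, label))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def elf_processor(blob, offset):
    """Read e_machine from the ELF header that starts at offset."""
    header = blob[offset:offset + 20]
    if len(header) < 20:
        return None
    order = "little" if header[5] == 1 else "big"  # EI_DATA
    machine = int.from_bytes(header[18:20], order)
    return ELF_MACHINES.get(machine, "unknown (e_machine=%d)" % machine)


def find_risks(blob):
    """Flag empty or exposed account passwords, hard-coded passwords, private keys."""
    risks = []
    for m in PASSWD_LINE.finditer(blob):
        user, field = m.group(1).decode(), m.group(2)
        if field == b"":
            risks.append(("high", "account '%s' has an empty password" % user))
        elif field not in (b"x", b"*", b"!"):
            risks.append(("medium", "password hash for '%s' stored in passwd" % user))
    for m in HARDCODED.finditer(blob):
        weak = m.group(1).lower() in WEAK_PASSWORDS
        kind = "weak hard-coded password" if weak else "hard-coded password"
        risks.append(("high" if weak else "medium",
                      "%s at offset %d" % (kind, m.start())))
    for m in PRIVATE_KEY.finditer(blob):
        risks.append(("high", "embedded private key at offset %d" % m.start()))
    return risks


def analyze(name, blob):
    """Basic firmware information plus risk findings, as one report record."""
    signatures = find_signatures(blob)
    elf_offsets = [off for off, label in signatures if label == "ELF"]
    return {"name": name, "size": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),
            "formats": [label for _, label in signatures],
            "processor": elf_processor(blob, elf_offsets[0]) if elf_offsets else None,
            "risks": find_risks(blob)}


def build_sample():
    """Constructed image: uImage and SquashFS magics, a MIPS ELF header, text."""
    elf = (b"\x7fELF\x01\x01\x01" + bytes(9)
           + (2).to_bytes(2, "little") + (8).to_bytes(2, "little"))
    text = (b"\nroot::0:0:root:/root:/bin/sh\nadmin:x:1000:1000::/home:/bin/sh\n"
            b"password=admin\n-----BEGIN RSA PRIVATE KEY-----\n")
    return b"\x27\x05\x19\x56" + bytes(60) + b"hsqs" + bytes(28) + elf + text
```

Magic-number hits are candidates only: short byte sequences also occur by chance inside compressed data, so each hit should be confirmed by actually unpacking at that offset before it is recorded as the firmware's file system.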
Fig. 6 illustrates one embodiment of a deployment architecture of the power internet of things device security detection system of the present invention.
As shown in fig. 6, the security detection system of the electric power internet of things device comprises a basic platform layer, a system service layer, a system core layer and a system access layer from bottom to top on a system architecture.
The base platform layer is composed of the hardware platform and software environment that support the operation of the system. A dedicated hardware platform provides a reliable and stable hardware environment, and together with the software necessary to assist the operation of the system it forms the base platform layer, which supports both traditional IT network protocols and industrial network protocols.
The system service layer is composed of a security detection engine and a knowledge base module, and performs various security detection tasks according to the service flow. The security detection engine is formed by consolidating the information in the device library, vulnerability library, firmware library and configuration library together with a large amount of expert knowledge and analysis models. The knowledge base module comprises a device library, a vulnerability library, a configuration library and a firmware library. The device library contains information on the various detected devices. The vulnerability library is composed of the industrial control vulnerabilities in public vulnerability databases such as CVE, CNNVD and CNVD. The configuration library consists of specific checking knowledge, including the checking methods, the criteria for judging checking results and the risk prompts issued on non-conformance; it consolidates a large amount of implementation experience, expert knowledge and analysis models from electric power Internet of Things and industrial control security checking work, automatically analyzes tool checking results, and provides professional checking knowledge and professional analysis results for the checking work. The firmware library contains information on the detected firmware of various Internet of Things devices, including the firmware name, firmware size, firmware SHA256, processor, file system and the like.
The system core layer comprises a device identification module, a vulnerability scanning module, a configuration checking module, a firmware detection module, a protocol detection module, a scene detection module, an application detection module, a system detection module and a reporting module, wherein the reporting module comprises a device detection report, a scene detection report and a firmware detection report. The system core layer uses the knowledge base of the service layer to accurately identify and detect electric power Internet of Things equipment, and supports identification of PLC, DCS, SCADA and the like from well-known domestic and foreign manufacturers such as Siemens, Schneider, Rockwell, ABB, Emerson, Beckhoff, oncomelania, Taida, Heshi, Mitsubishi, Honeywell and Yiweisi. The system core layer is adapted to an industrial-grade security check model, which is constructed by combining several different dimensions such as policy regulations, asset structures, current flow and wireless access, so that it is comprehensively adapted to the industrial control system, including industrial control protocols, operating systems and the like. The report module automatically generates and exports a detection analysis report for the detected equipment; the report analyzes the vulnerabilities in detail and provides guiding repair suggestions, and the report module supports account management, user authentication, log audit and the like.
The system access layer is composed of a Web management interface and a data interface and is used for receiving the various operation instructions of a user and returning the system operation results. The system access layer is mainly responsible for access management of the system and for issuing tasks; the system provides two management modes, Web and Console, so that configuration management can be performed more completely, and it can provide a standard external interface to facilitate data fusion with other platforms.
The modules in the system architecture of the embodiment of fig. 6 are the same as those in the embodiment of fig. 1, and will not be repeated here.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store static information and dynamic information data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, carries out the steps of the above-mentioned method embodiments.
It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment, a computer device is also provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor performing the steps of the above-described method embodiments when the computer program is executed.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, which, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration, and not limitation, RAM can take a variety of forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), and the like.
The present invention is not limited to the structure that has been described above and shown in the drawings, and various modifications and changes can be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (14)

1. An electric power Internet of Things equipment safety detection system, characterized by comprising:
a system home page module, a security detection module, a knowledge base module, a reporting module and a system management module; wherein,
the system home page module comprises various charts and is used for a user to check various index data of the system;
the security detection module includes: the device comprises a device identification module, a vulnerability scanning module, a configuration checking module and a firmware detection module;
the equipment identification module is used for identifying the electric power Internet of things equipment, displaying basic information of the detected/to-be-detected equipment, and rapidly carrying out safety detection or retest through the list operation column;
the vulnerability scanning module is used for carrying out vulnerability scanning on the terminal equipment, the operating system and the application of the Internet of things according to actual scene configuration or the checking requirement of the equipment of the Internet of things; if one detection scene has a plurality of devices, setting a plurality of configuration check templates according to the scene, carrying out vulnerability scanning on the plurality of devices, and then associating the plurality of devices to generate a security detection report of the scene;
the configuration checking module is used for carrying out security configuration checking on host equipment in the target power internet of things and the industrial control system;
the firmware detection module is used for carrying out automatic format recognition, unpacking processing and analysis on the uploaded firmware to obtain the information of the firmware size, the processor and the file system, and recognizing the security risk; the firmware security analysis process comprises: vulnerability detection, namely judging whether similar vulnerabilities exist in new firmware or not through similarity detection or a correlation algorithm based on known firmware vulnerabilities; static analysis and dynamic analysis; generating a constraint condition set of the firmware depending on the analysis component, analyzing the constraint condition by the analyzer to output an analysis result;
the knowledge base module is used for recording specific checking knowledge information, including a device base, a vulnerability base, a configuration base and a firmware base;
the report module is used for registering date, label and classification according to the data in the knowledge base and presenting the date, label and classification to the user through a statistical report;
the system management module comprises a user management module, an operation recording module and a basic configuration module, and provides a system configuration inlet for a user.
2. The security detection system of an electrical Internet of things device of claim 1,
the system further comprises a protocol detection module, which analyzes protocol conditions by monitoring a specified IP, specified ports or all traffic.
3. The security detection system of an electrical Internet of things device of claim 1,
the vulnerability scanning module comprises a newly built scanning task module and a task list module;
the newly-built scanning task module establishes a vulnerability scanning task for the equipment to be detected;
and the task list module displays the detail detection progress or the detection result.
4. The security detection system of an electrical Internet of things device of claim 1,
the configuration checking module comprises a new task module and a task list module;
the new task module can add configuration checking tasks;
the task list module comprises a device/task name, a starting time, an ending time, a task address, a task state, an operation and a checking result.
5. The security detection system of an electrical Internet of things device of claim 1,
the firmware detection module comprises a new task module and a firmware list module;
the new task module is used for uploading the firmware, analyzing the firmware after the firmware information is uploaded to the system, and starting to detect the firmware if the firmware analysis is successful;
the firmware list module comprises a firmware name, task time, task state, operation and checking results.
6. The security detection system of an electrical Internet of things device of claim 1,
the equipment library comprises various detection equipment information;
the vulnerability database comprises industrial control vulnerabilities in a public vulnerability database;
the configuration library consists of specific checking knowledge, and comprises a checking method, a checking result judging basis and a risk prompt when the checking result judging basis is not matched with the risk prompt, solidifying implementation experience, expert knowledge and analysis model of the electric power internet of things and industrial control safety checking work, and automatically analyzing tool checking results.
7. The electric power internet of things equipment safety detection system is characterized in that the system architecture comprises a basic platform layer, a system service layer, a system core layer and a system access layer from bottom to top;
the basic platform layer is composed of a hardware platform and a software environment for supporting the system to operate;
the system service layer is composed of a security detection engine and a knowledge base module, and performs various security detection tasks according to the service flow;
the system core layer comprises a device identification module, a vulnerability scanning module, a configuration checking module, a firmware detection module and a reporting module; the system core layer utilizes a knowledge base of the service layer to accurately identify and detect the electric power Internet of things equipment; the firmware security analysis process of the firmware detection module comprises the following steps: vulnerability detection, namely judging whether similar vulnerabilities exist in new firmware or not through similarity detection or a correlation algorithm based on known firmware vulnerabilities; static analysis and dynamic analysis; generating a constraint condition set of the firmware depending on the analysis component, analyzing the constraint condition by the analyzer to output an analysis result;
the equipment identification module is used for identifying the electric power Internet of things equipment, displaying basic information of the detected/to-be-detected equipment, and rapidly carrying out safety detection or retest through the list operation column;
the vulnerability scanning module is used for carrying out vulnerability scanning on the terminal equipment, the operating system and the application of the Internet of things according to actual scene configuration or the checking requirement of the equipment of the Internet of things; if one detection scene has a plurality of devices, setting a plurality of configuration check templates according to the scene, carrying out vulnerability scanning on the plurality of devices, and then associating the plurality of devices to generate a security detection report of the scene;
the configuration checking module is used for carrying out security configuration checking on host equipment in the target power internet of things and the industrial control system;
the firmware detection module is used for carrying out automatic format recognition, unpacking processing and analysis on the uploaded firmware to obtain the information of the firmware size, the processor and the file system, and recognizing the security risk; the firmware security analysis process comprises: vulnerability detection, namely judging whether similar vulnerabilities exist in new firmware or not through similarity detection or a correlation algorithm based on known firmware vulnerabilities; static analysis and dynamic analysis; generating a constraint condition set of the firmware depending on the analysis component, analyzing the constraint condition by the analyzer to output an analysis result;
the report module is used for registering date, label and classification according to the data in the knowledge base and presenting the date, label and classification to the user through a statistical report;
the system access layer is composed of a Web management interface and a data interface and is used for receiving various operation instructions of a user and returning a system operation result.
8. A method for detecting the safety of an electric power internet of things device, characterized by detecting based on the system according to any one of claims 1 to 7, comprising the steps of:
step S1, creating an equipment identification task, adding to-be-detected electric power Internet of things equipment, automatically scanning to-be-detected equipment by using equipment fingerprint information integrated in an equipment library, and adding the identified equipment to an equipment list;
step S2, utilizing the vulnerability information integrated in the vulnerability database to scan and identify the vulnerability of the device to be tested;
step S3, performing configuration check on the equipment to be tested by utilizing the system configuration standard integrated in the configuration library;
step S4, collecting vulnerability scanning and configuration checking results of a single device into a device security detection report;
step S5, under the condition that a plurality of devices exist in the system, the detection result of a single device is associated as a scene to form a security detection report of a typical application scene of the electric power Internet of things;
and step S6, uploading a firmware file of the device by a user on the system, analyzing the firmware by the system, matching and correlating the firmware with the existing information in the firmware library to form a firmware detection result, and outputting a firmware security detection report.
9. The method for detecting the safety of the electric power Internet of things equipment according to claim 8, wherein,
in the step S1, the device identification step is implemented by hybrid device fingerprinting, which has an active acquisition part and a server-side algorithm generation part; it is implemented by embedding an SDK and JS, placing tracking points in fixed service scenarios, passively triggering acquisition of the active elements, interacting with the server, generating a unique device fingerprint ID at the server after obfuscation and encryption with a hash algorithm, and writing the unique ID into the application cache or a browser cookie.
10. The method for detecting the safety of the electric power Internet of things equipment according to claim 8, wherein,
the step S1 further comprises a protocol analysis step, which is implemented by combining recognition based on TCP/UDP ports, recognition based on message payload features, detection and recognition based on association analysis, and recognition based on behavior features.
11. The method for detecting the safety of the electric power Internet of things equipment according to claim 8, wherein,
in the step S2, the vulnerability scanning step detects the vulnerabilities existing in the device information system and thereby provides the administrator with vulnerability analysis and repair suggestions before the information system is compromised.
12. The method for detecting the safety of the electric power Internet of things equipment according to claim 8, wherein,
in the step S3, the configuration checking step supports remote login to the target system over multiple protocols to perform the baseline check.
13. The method for detecting the safety of the electric power Internet of things equipment according to claim 8, wherein,
in the step S6, the firmware security analysis process includes:
a vulnerability detection step of judging, based on known firmware vulnerabilities, whether similar vulnerabilities exist in the new firmware through similarity detection or a correlation algorithm;
an analysis step including static analysis and dynamic analysis;
and a symbolic execution step, which relies on a disassembly engine, an instrumentation engine and a solver to generate a constraint condition set of the firmware, the analyzer analyzing the constraint conditions and outputting an analysis result.
14. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 8 to 13 when the computer program is executed.
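Claim 10 combines port-based and payload-based protocol recognition. The sketch below is an added example, not code from the patent: the protocol set, function names and sample messages are assumptions chosen for illustration, and the association-analysis and behavior-based recognizers are not modeled.

```python
import struct

# Default ports of protocols common on power IoT networks (port-based recognition).
PORT_HINTS = {502: "modbus-tcp", 2404: "iec104", 20000: "dnp3", 1883: "mqtt"}

def is_modbus(p):
    # MBAP header: transaction id, protocol id (always 0), length of the rest.
    if len(p) < 8:
        return False
    _tid, proto, length = struct.unpack(">HHH", p[:6])
    return proto == 0 and length == len(p) - 6 and (p[7] & 0x7F) != 0

def is_iec104(p):
    # APCI: start byte 0x68, then the APDU length (4..253) of what follows.
    return len(p) >= 6 and p[0] == 0x68 and 4 <= p[1] <= 253 and p[1] == len(p) - 2

def is_dnp3(p):
    # Link-layer frame: start bytes 0x05 0x64, length field of at least 5.
    return len(p) >= 10 and p[:2] == b"\x05\x64" and p[2] >= 5

def is_mqtt(p):
    # CONNECT packet whose remaining length fits one byte, protocol name "MQTT".
    return len(p) >= 8 and p[0] == 0x10 and p[2:8] == b"\x00\x04MQTT"

PAYLOAD_RULES = [("modbus-tcp", is_modbus), ("iec104", is_iec104),
                 ("dnp3", is_dnp3), ("mqtt", is_mqtt)]

def classify(port, payload):
    """Return (protocol, basis); basis records which evidence agreed."""
    by_port = PORT_HINTS.get(port)
    by_payload = next((n for n, rule in PAYLOAD_RULES if rule(payload)), None)
    if by_payload and by_payload == by_port:
        return by_payload, "port+payload"
    if by_payload:
        return by_payload, "payload"      # service on a non-default port
    if by_port:
        return by_port, "port-only"       # weak: the payload did not confirm it
    return "unknown", "none"

# Constructed sample messages (not captured traffic).
MODBUS_READ = bytes.fromhex("00010000000601030000000a")   # read holding registers
IEC104_STARTDT = bytes.fromhex("680407000000")            # STARTDT act U-frame
```

A "payload" result on an unexpected port and a "port-only" result are the two cases an asset inventory should flag for review, since neither is confirmed by both kinds of evidence.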
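The firmware detection module and step S6 recognize the firmware format and report its size, processor and file system. The following added example (not the patent's implementation) shows one way to do that for two common components, a U-Boot uImage header and a SquashFS superblock; the choice of formats, the function names and the constructed sample image are assumptions.

```python
import struct, zlib

UIMAGE_MAGIC = b"\x27\x05\x19\x56"
SQUASHFS_MAGIC = b"hsqs"                      # little-endian SquashFS superblock
ARCH = {2: "arm", 3: "x86", 5: "mips", 7: "powerpc", 22: "arm64"}
SQFS_COMP = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

def parse_uimage(blob, off):
    """Return header fields if a valid 64-byte uImage header starts at off."""
    hdr = blob[off:off + 64]
    if len(hdr) < 64:
        return None
    hcrc, = struct.unpack(">I", hdr[4:8])
    # The header CRC is computed with the CRC field itself zeroed.
    if zlib.crc32(hdr[:4] + b"\x00" * 4 + hdr[8:]) != hcrc:
        return None                           # chance magic match or altered header
    size, = struct.unpack(">I", hdr[12:16])
    return {"type": "uimage", "offset": off, "payload_size": size,
            "arch": ARCH.get(hdr[29], "unknown"),
            "name": hdr[32:64].rstrip(b"\x00").decode("ascii", "replace")}

def parse_squashfs(blob, off):
    """Return file system details if a plausible v4 superblock starts at off."""
    sb = blob[off:off + 32]
    if len(sb) < 32:
        return None
    block_size, = struct.unpack("<I", sb[12:16])
    comp, block_log, _flags, _ids, major = struct.unpack("<5H", sb[20:30])
    if major != 4 or block_size != 1 << block_log:
        return None                           # magic bytes without a sane superblock
    return {"type": "squashfs", "offset": off,
            "compression": SQFS_COMP.get(comp, "unknown")}

def triage(blob):
    """Scan a firmware image and list the validated components it contains."""
    found = []
    for magic, parser in ((UIMAGE_MAGIC, parse_uimage), (SQUASHFS_MAGIC, parse_squashfs)):
        off = blob.find(magic)
        while off != -1:
            item = parser(blob, off)
            if item:
                found.append(item)
            off = blob.find(magic, off + 1)
    return {"size": len(blob), "components": sorted(found, key=lambda c: c["offset"])}

def build_sample():
    """Constructed image: uImage header (MIPS), kernel stub, SquashFS superblock."""
    kernel = b"\x00" * 192
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(kernel), 0x80000000,
                      0x80000000, zlib.crc32(kernel), 5, 5, 2, 0, b"constructed-kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    sqfs = struct.pack("<4s4I6H", b"hsqs", 1, 0, 131072, 0, 4, 17, 0, 1, 4, 0)
    return hdr + kernel + sqfs + b"\x00" * 64
```

Validating the header CRC and superblock fields before reporting a component keeps chance magic-byte matches out of the result and also surfaces headers that were modified after the image was built.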
CN202110576361.0A 2021-05-26 2021-05-26 Electric power internet of things equipment safety detection system and method Active CN113315767B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110576361.0A CN113315767B (en) 2021-05-26 2021-05-26 Electric power internet of things equipment safety detection system and method

Publications (2)

Publication Number Publication Date
CN113315767A (en) 2021-08-27
CN113315767B (en) 2023-08-22

Family

ID=77374971

Country Status (1)

Country Link
CN (1) CN113315767B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant