CN113542275A - Vulnerability discovery method for power plant industrial control system - Google Patents
- Publication number: CN113542275A (application CN202110801073.0A)
- Authority: CN (China)
- Prior art keywords: vulnerability, control system, industrial control, power plant, protocol
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1433—Vulnerability analysis
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
  - H04L67/01—Protocols
  - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention discloses a vulnerability discovery method for a power plant industrial control system. The method automatically identifies the network asset list of the power plant industrial control system and scans for security vulnerabilities according to that asset list; it also performs protocol identification to obtain the industrial communication protocol, constructs and maintains a corresponding protocol model script, and generates test cases from it to mine unknown vulnerabilities. By identifying the asset list and the industrial communication protocol of the industrial control system, and on that basis scanning for known security vulnerabilities and mining unknown ones, security vulnerability detection can be carried out actively and dynamically, helping to ensure the stable and secure operation of the power plant industrial control system.
Description
Technical Field
The invention belongs to the field of industrial control system vulnerability detection, and particularly relates to a power plant industrial control system vulnerability discovery method.
Background
Power plants belong to the national critical production infrastructure. If a power plant is attacked maliciously and its industrial control system crashes, the consequences are unimaginable. Therefore, regularly detecting vulnerabilities in the power plant industrial control system, discovering its security risks in time, and promptly hardening the discovered vulnerabilities with corresponding policies and protective measures is an extremely strong policy necessity. At present, the security protection of power plant industrial control systems still relies on traditional protective measures, mainly the boundary protection techniques of horizontal isolation and vertical authentication; it lacks security protection built inside the plant, the security boundary has already become blurred, and protective measures built under the guidance of limited knowledge and static security policies are like houses built on sand, liable to collapse at any time. How to establish a dynamic and active new security protection system for the industrial control system is the key to ensuring the secure operation of the power plant industrial control system.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a vulnerability discovery method that can carry out security protection actively and ensure the stable and secure operation of a power plant industrial control system.
In order to achieve the purpose, the technical scheme provided by the invention is as follows:
A vulnerability discovery method for a power plant industrial control system automatically identifies the network asset list of the power plant industrial control system and scans for security vulnerabilities according to that asset list; it also performs protocol identification to obtain the industrial communication protocol, constructs and maintains a corresponding protocol model script, and generates test cases from it to mine unknown vulnerabilities.
The method performs known-vulnerability scanning and unknown-vulnerability mining on the basis of asset framework sniffing and protocol identification, thereby constructing an active and dynamic information security system for the power plant control system.
The specific technical scheme is as follows:
Through in-depth research and analysis of the service information flows on the intranet of the power generation enterprise and of the functional configuration characteristics of its equipment, a service information flow security library and an equipment working behaviour security library are established, and the network asset list of the power plant control system is identified. Based on the identified information security risks of the power plant, a security vulnerability library for the power plant control system is built with a web crawler and natural language processing; combining the principles of known vulnerabilities with the characteristics of intrusion behaviour, potential attack behaviour on the control system intranet is identified with fingerprint identification, unknown vulnerabilities are mined with fuzz testing and related artificial intelligence techniques, information security is measured from the two aspects of likelihood of occurrence and severity of impact, and statistical analysis of the potential security hazards of the power plant control system is carried out automatically. On this basis, a power plant control system information security device with the functions of asset framework sniffing, known vulnerability scanning, unknown vulnerability mining, abnormal behaviour early warning and intrusion detection, and vulnerability statistical analysis is realised, and an active and dynamic information security system for the power plant control system is constructed.
Specifically, an industrial control vulnerability discovery and analysis system is designed based on the industrial-control vulnerability information in vulnerability databases such as CVE (Common Vulnerabilities and Exposures) and CNVD (China National Vulnerability Database). The system mainly comprises the functional modules of vulnerability library construction, asset discovery and protocol identification, unknown vulnerability mining, known vulnerability scanning, and risk assessment and analysis. The implementation is as follows:
1. vulnerability fingerprint library construction
Operating system security research projects were started by the national standards institute in the 1990s, and related research institutions collected large numbers of system vulnerabilities and classified them simply by discovery time, cause and location. Common Vulnerabilities and Exposures (CVE), maintained by the MITRE Corporation, has become the globally recognised index standard for security vulnerabilities: the project assigns numbers to widely recognised, publicly exposed security vulnerabilities and periodically releases vulnerability lists, which facilitates the sharing of vulnerability information. Since 2009, China has successively introduced large-scale vulnerability databases such as the China National Vulnerability Database, the National Information Security Vulnerability Sharing Platform (CNVD) and the national security vulnerability database. In this method, industrial control system vulnerability information is crawled automatically from CVE, CNVD and other well-known vulnerability databases, and natural language processing is used to automatically parse, filter and integrate the crawled information, so that a comprehensive and accurate vulnerability fingerprint library of the power plant control system is established.
2. Asset discovery and protocol identification
Asset discovery mainly manages the asset list on the network. It records basic hardware information such as the host operating system version, IP, MAC and ports, and also provides, per asset, the number of vulnerabilities, installed package names, network service states and the number of generated network alarms; network risk is analysed across the dimensions of assets, vulnerabilities and threats, which makes vulnerability scanning a more effective defensive measure. Randomly combined TCP SYN/ACK, UDP and ICMP packets are sent to detect live target hosts and probe port states. Probing the remote ports confirms which network services the target host has opened. The TCP and UDP responses are compared with the known operating system fingerprints in the vulnerability fingerprint library to find the matching operating system.
Industrial communication protocols differ from general network communication protocols: they are stateful and their content is more regular. The protocol identification module uses regular expressions to collect and identify the protocol packets exchanged during industrial communication, constructs and maintains the corresponding protocol model scripts, and thereby provides the basis for test case generation.
3. Known vulnerability scanning
Known vulnerability scanning, also called vulnerability assessment, works by probing the target item by item for the known security vulnerabilities it may contain, in a manner that simulates an intruder, to determine whether the scanned system has security defects. Following the approach of OpenVAS (Open Vulnerability Assessment System), information about the specified target host is collected in two ways, external querying and content acquisition, and the collected information is compared with known security vulnerabilities to find the potential security hazards it may contain. Targets may be workstations, servers, switches, database applications and other objects.
4. Unknown vulnerability mining
Unknown vulnerability mining is realised with fuzz testing. Fuzz testing is the vulnerability mining method generally adopted in the industry today and has become an important means of checking the reliability and security of programs: unexpected data is repeatedly fed to an application or to the device under test while the output is monitored for abnormalities. In unknown vulnerability mining, fuzz test cases aimed at the industrial control protocol are generated with the open source fuzzing framework Peach, starting from the industrial control protocol model script produced by the protocol identification module. When test cases are generated, a hash algorithm is used to de-duplicate them so that repeated cases do not waste test time. To improve the effectiveness of the test cases, the system's fuzz data fields draw on an abnormal variable database that is pre-populated with fuzz variables known to be effective, and the database maintains and updates itself by learning from results. During fuzz testing, some abnormal variables are selected from the abnormal variable database and added to the fuzz data list to generate test cases; the data in the fuzz data list is then mutated by the fuzz engine and sent to the target through a session interface, which makes the test more targeted and practical.
5. Risk assessment and analysis
Risk assessment and analysis carries out statistical analysis of the system's vulnerability information. Vulnerabilities of different severity levels are summarised by month to reveal the trend over the whole year; vulnerability information within a given period is summarised by cause or by the main location of the vulnerability, which shows the main causes of vulnerabilities, or the locations where they most commonly occur, in the industrial control industry. This is of great significance for industrial control protection personnel to strengthen protection in a targeted manner, and provides strong data support for risk assessment and security early warning of equipment and systems. A detailed and reliable security analysis report is generated automatically from the scan results.
Compared with the prior art, the invention has the following advantages:
1. By identifying the asset list and the industrial communication protocol of the industrial control system, and on that basis scanning for known security vulnerabilities and mining unknown ones, the invention can carry out security vulnerability detection actively and dynamically and helps ensure the stable and secure operation of the power plant industrial control system.
2. By analysing the service information flows on the power generation enterprise intranet and the functional configuration characteristics of the equipment, a service information flow security library and an equipment working behaviour security library are established, and the network asset list of the power plant industrial control system is identified.
3. Based on the identified information security risks of the power plant, a security vulnerability library of the power plant industrial control system is built with a web crawler and natural language processing; combining the principles of known vulnerabilities with the characteristics of intrusion behaviour, potential attack behaviour on the power plant industrial control system intranet is identified with fingerprint identification, unknown vulnerabilities are mined with fuzz testing, information security is evaluated from the two aspects of likelihood of occurrence and severity of impact, and statistical analysis of the potential security risks of the power plant industrial control system is carried out automatically.
Drawings
FIG. 1 is a schematic general flowchart of a method for discovering a vulnerability of an industrial control system of a power plant according to the present invention;
FIG. 2 is a functional block diagram of a vulnerability discovery and analysis system of an industrial control system of a power plant according to the present invention;
FIG. 3 is a schematic view of an asset discovery process of a method for discovering a vulnerability of an industrial control system of a power plant according to the present invention;
FIG. 4 is a flowchart of the protocol identification step of the method for discovering vulnerabilities of an industrial control system of a power plant according to the present invention;
FIG. 5 is a flowchart of the unknown vulnerability mining step of the method for discovering vulnerabilities of an industrial control system of a power plant according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a general flow diagram of a method for discovering vulnerabilities of an industrial control system of a power plant according to the present invention, which mainly comprises five steps: asset discovery, protocol identification, known vulnerability scanning, unknown vulnerability mining based on fuzz testing, and risk assessment and analysis. Fig. 2 shows a functional block diagram of a system for discovering and analysing vulnerabilities of an industrial control system of a power plant according to the present invention. The specific method is as follows:
(1) asset discovery
The automatic discovery, identification and management of industrial control system network assets provides an asset overview, a host list and the operating system of each asset. The asset discovery flow is shown in fig. 3.
1.1.1: carry out target liveness detection; if the target is online, proceed to the next scan, otherwise end the detection;
1.1.2: detect the operating system type of the scanned target with protocol stack fingerprinting;
1.1.3: detect the target's open ports and determine the application services it provides.
(2) Protocol identification
Using the protocol fingerprint feature library, byte-level regular expression feature matching is carried out on the payload of network packets to judge which network application the traffic belongs to. The specific flow of protocol identification is shown in fig. 4.
1.2.1: capture network protocol packets, analyse them per data stream identified by the five-tuple of source port, source IP address, protocol type (TCP/UDP), destination port and destination IP address to form a set of messages, and build the protocol fingerprint feature library;
1.2.2: analyse the packets of an unknown protocol stream and extract its five-tuple attributes to form a protocol fingerprint;
1.2.3: carry out regular expression feature matching on the packet content using the protocol fingerprint feature library;
1.2.4: rapidly verify the protocol identification result with a multi-pattern matching algorithm.
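The four steps above, worked as an added example that is not code from the patent or from any product based on it. It groups constructed packet records by five-tuple, matches each payload against byte-level regular expressions for Modbus/TCP, DNP3 and S7comm (the signatures follow the public framing of those protocols), and stands in for the patent's multi-pattern verification step with a per-protocol structural consistency check, which is an assumption of this example rather than the patent's algorithm:

```python
"""Added example, not code from the patent: protocol identification in the
shape of steps 1.2.1-1.2.4.  Packets are grouped into flows by five-tuple,
each payload is matched against byte-level regular expressions, and a
structural consistency check (standing in for the patent's multi-pattern
verification) confirms the match.  The packet records are constructed."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "TCP" or "UDP"
    payload: bytes

    def flow_key(self):
        # Step 1.2.1: the five-tuple that identifies one data stream.
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)


# Step 1.2.3: stage-one signatures as regular expressions over raw bytes.
SIGNATURES = {
    # Modbus/TCP MBAP: transaction id (2), protocol id 0x0000 (2), length (2), unit id (1), function code (1)
    "modbus_tcp": re.compile(rb"^..\x00\x00..[\x00-\xff][\x01-\xff]", re.DOTALL),
    # DNP3 link-layer frames always begin with the start bytes 0x05 0x64
    "dnp3": re.compile(rb"^\x05\x64", re.DOTALL),
    # S7comm over ISO-on-TCP: TPKT version 3, COTP data TPDU (02 f0 80), S7 protocol id 0x32
    "s7comm": re.compile(rb"^\x03\x00..\x02\xf0\x80\x32", re.DOTALL),
}


# Step 1.2.4 (assumed form): verify a candidate with a structural relation of the
# protocol, so a payload that merely shares the leading bytes is rejected.
def _verify_modbus(p: bytes) -> bool:
    return len(p) >= 8 and int.from_bytes(p[4:6], "big") == len(p) - 6   # MBAP length = bytes after it

def _verify_dnp3(p: bytes) -> bool:
    return len(p) >= 10 and p[2] >= 5        # length byte counts at least the 5 header bytes after it

def _verify_s7comm(p: bytes) -> bool:
    return int.from_bytes(p[2:4], "big") == len(p)   # TPKT length covers the whole packet

VERIFIERS = {"modbus_tcp": _verify_modbus, "dnp3": _verify_dnp3, "s7comm": _verify_s7comm}


def classify_payload(payload: bytes):
    """Return (protocol, verified) for one packet payload."""
    for name, signature in SIGNATURES.items():
        if signature.match(payload):
            return name, VERIFIERS[name](payload)
    return "unknown", False


def identify_flows(packets):
    """Label every five-tuple flow with the protocol its verified packets agree on."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[pkt.flow_key()].append(pkt)
    labels = {}
    for key, pkts in flows.items():
        votes = Counter()
        for pkt in pkts:
            name, verified = classify_payload(pkt.payload)
            if verified:
                votes[name] += 1
        labels[key] = votes.most_common(1)[0][0] if votes else "unknown"
    return labels


# Constructed sample traffic (not a real capture; the DNP3 CRC bytes are placeholders).
MODBUS_READ = bytes.fromhex("0001 0000 0006 01 03 0000 000a")      # read 10 holding registers
MODBUS_BAD_LEN = bytes.fromhex("0002 0000 0020 01 03 0000 000a")   # MBAP length does not match
DNP3_FRAME = bytes.fromhex("0564 05 c0 0100 0004 e921")            # link-layer header, 10 bytes
S7_SETUP = bytes.fromhex("0300 0019 02f080 32 01 0000 0000 0008 0000 f0 00 0001 0001 01e0")
HTTP_ON_502 = b"GET / HTTP/1.1\r\n"

SAMPLE_PACKETS = [
    Packet("10.0.0.5", 40001, "10.0.0.10", 502, "TCP", MODBUS_READ),
    Packet("10.0.0.5", 40001, "10.0.0.10", 502, "TCP", MODBUS_BAD_LEN),
    Packet("10.0.0.5", 40001, "10.0.0.10", 502, "TCP", MODBUS_READ),
    Packet("10.0.0.6", 40002, "10.0.0.11", 20000, "TCP", DNP3_FRAME),
    Packet("10.0.0.7", 40003, "10.0.0.12", 102, "TCP", S7_SETUP),
    Packet("10.0.0.8", 40004, "10.0.0.10", 502, "TCP", HTTP_ON_502),
]

if __name__ == "__main__":
    for flow, protocol in identify_flows(SAMPLE_PACKETS).items():
        print(flow, "->", protocol)
```

The second stage matters because the stage-one patterns are deliberately short: the Modbus signature only needs two zero bytes at offset 2, so without the length-relation check the malformed frame above would be counted as Modbus, and traffic that merely lands on port 502 (the HTTP request) is labelled unknown rather than assumed from the port.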
(3) Known vulnerability scanning
Information about the specified target host is collected by port scanning and compared with known security vulnerabilities to find the potential security hazards it contains.
1.3.1: collect and build the industrial control system security vulnerability fingerprint library;
1.3.2: scan the industrial control system network externally, query the network service ports and collect the responses;
1.3.3: scan the network hosts internally and collect software installation and configuration information;
1.3.4: automatically match detection rules to the fingerprint information of the device under test (model, firmware, communication protocol and so on) to detect whether known vulnerabilities exist.
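Steps 1.1.1 to 1.1.3 and 1.3.2 to 1.3.4 together, as an added example rather than the patent's own implementation. The device, its banner grammar, the model name ACME-PLC-100 and the EXAMPLE-000x rules are constructed for illustration (they are not real products or CVE entries), and raw-socket SYN/ICMP probing and protocol-stack OS fingerprinting are replaced by plain TCP connect probes: a refused connection still proves the host is alive, and the service banner supplies the model and firmware fingerprint that the rules are matched against:

```python
"""Added example (not the patent's own implementation): asset discovery
(steps 1.1.1-1.1.3) and known-vulnerability matching (steps 1.3.2-1.3.4)
against a constructed loopback TCP service that stands in for a device."""
import re
import socket
import threading
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed banner grammar: "<MODEL> firmware <x.y.z> ...".  Real devices
# expose this through vendor-specific identification requests instead.
BANNER_RE = re.compile(r"^(?P<model>[A-Z][A-Z0-9-]+) firmware (?P<ver>\d+(?:\.\d+)*)")

# Step 1.3.1: constructed vulnerability fingerprint library (not real CVE entries).
# A rule fires when the model matches and the firmware is older than `fixed_in`.
VULN_RULES = [
    {"id": "EXAMPLE-0001", "model": "ACME-PLC-100", "fixed_in": (2, 1, 0)},
    {"id": "EXAMPLE-0002", "model": "ACME-PLC-100", "fixed_in": (1, 5, 0)},
    {"id": "EXAMPLE-0003", "model": "ACME-RTU-7", "fixed_in": (3, 0, 0)},
]


@dataclass
class Asset:
    ip: str
    open_ports: Dict[int, str] = field(default_factory=dict)   # port -> banner
    model: Optional[str] = None
    firmware: Optional[Tuple[int, ...]] = None


def version_tuple(text: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in text.split("."))   # "2.0.3" < "2.1.0" compares numerically


def start_fake_device(banner: bytes):
    """Constructed device: a loopback listener that greets every client with its banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # listener closed by the caller
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_closed_port() -> int:
    """A loopback port nothing listens on, so a probe to it is refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def probe_port(ip: str, port: int, timeout: float = 0.5) -> Tuple[str, str]:
    """Steps 1.1.3 / 1.3.2: TCP connect probe returning (state, banner)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
        return "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "closed", ""              # the host answered, so it is alive
    except OSError:                      # timeout or unreachable: no answer at all
        return "filtered", ""


def discover_asset(ip: str, ports: List[int]) -> Optional[Asset]:
    """Steps 1.1.1-1.1.3 and 1.3.3: liveness, open ports, service fingerprint."""
    results = {port: probe_port(ip, port) for port in ports}
    if all(state == "filtered" for state, _ in results.values()):
        return None                      # 1.1.1: target is not alive, stop here
    asset = Asset(ip=ip)
    for port, (state, banner) in results.items():
        if state == "open":
            asset.open_ports[port] = banner
            match = BANNER_RE.match(banner)
            if match and asset.model is None:
                asset.model, asset.firmware = match.group("model"), version_tuple(match.group("ver"))
    return asset


def match_known_vulns(asset: Asset) -> List[str]:
    """Step 1.3.4: rule ids whose model/firmware fingerprint matches the asset."""
    if asset.model is None or asset.firmware is None:
        return []
    return [r["id"] for r in VULN_RULES if r["model"] == asset.model and asset.firmware < r["fixed_in"]]


def run_demo():
    """Scan the constructed device plus one closed port; return (asset, rule ids)."""
    server, open_port = start_fake_device(b"ACME-PLC-100 firmware 2.0.3 ready\r\n")
    try:
        asset = discover_asset("127.0.0.1", [open_port, free_closed_port()])
        return asset, (match_known_vulns(asset) if asset else [])
    finally:
        server.close()


if __name__ == "__main__":
    print(run_demo())
```

Two details carry over to a real scanner: firmware versions are compared as integer tuples rather than strings (so 2.10 is newer than 2.9), and a rule that has already been fixed in the scanned firmware (EXAMPLE-0002) or that targets a different model (EXAMPLE-0003) must not fire, otherwise the report fills with false positives that operators quickly learn to ignore.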
(4) Unknown vulnerability mining based on fuzzy test
Adopting the idea and techniques of black-box testing, a set of randomly generated data is used as program input, the abnormal state of the program is monitored, and the inputs that cause the abnormality are recorded so that the location of the program defect can be traced. The unknown vulnerability mining process is shown in fig. 5.
1.4.1: determine the test target, analyse it and determine the input vectors;
1.4.2: construct test cases, generating them by both a generation method and a mutation method;
the specific steps are as follows:
(1.4.2.1) generate the initial test cases from historical vulnerability analysis and the protocol messages;
(1.4.2.2) test the target with the test cases in the current generation of the population and calculate the fitness of each from the test result;
(1.4.2.3) sort the individuals of the population by fitness and select n parent individuals by the roulette-wheel method together with an elite retention strategy;
(1.4.2.4) perform crossover on the current generation to generate new test case individuals;
(1.4.2.5) mutate the new individuals according to the mutation probability to obtain the next generation of the population.
1.4.3: connect to the target under test, run the application under test, send the test cases to the target program for execution, and monitor the running state of the target.
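The genetic-algorithm fuzzer of steps 1.4.1 to 1.4.3, including the hash-based de-duplication and the abnormal variable list described under unknown vulnerability mining above, as an added example that is not the patent's or Peach's code. The target is a constructed Modbus/TCP-style frame parser with a deliberately planted missing bounds check; the seed frame, the fitness function (rarely reached parse stages score higher, a crash scores highest) and the mutation operators are assumptions of this example:

```python
"""Added example (not the patent's or Peach's code): genetic-algorithm fuzzing
for steps 1.4.1-1.4.3 against a constructed, deliberately buggy target."""
import hashlib
import random
from collections import Counter


def parse_frame(frame: bytes) -> set:
    """Constructed target: a Modbus/TCP-style parser that returns the stages it reached.
    Planted bug: the write path never checks addr + qty against its 8 registers."""
    registers, trace = [0] * 8, {"entry"}
    if len(frame) < 8:
        return trace | {"short"}
    if int.from_bytes(frame[4:6], "big") != len(frame) - 6:   # MBAP length relation
        return trace | {"bad_mbap_len"}
    trace.add("mbap_ok")
    fc, addr, qty = frame[7], int.from_bytes(frame[8:10], "big"), int.from_bytes(frame[10:12], "big")
    if fc == 0x03:                                   # read holding registers: range is checked
        return trace | {"fc03", "fc03_illegal_address" if addr + qty > 8 else "fc03_ok"}
    if fc == 0x10:                                   # write multiple registers
        if len(frame) < 13:
            return trace | {"fc10", "fc10_short"}
        values = frame[13:13 + frame[12]]
        for i in range(qty):                         # BUG: IndexError once addr + i reaches 8
            registers[addr + i] = int.from_bytes(values[2 * i:2 * i + 2], "big")
        return trace | {"fc10", "fc10_ok"}
    return trace | {"fc_unsupported"}


def reproduce(case: bytes):
    """Re-run one case and return the exception class name, or None if it parsed."""
    try:
        parse_frame(case)
        return None
    except Exception as exc:
        return type(exc).__name__


SEED_FRAME = bytes.fromhex("0001 0000 0006 01 03 0000 000a")       # constructed: read 10 registers at 0
ABNORMAL_VALUES = [0x00, 0x01, 0x03, 0x10, 0x7f, 0x80, 0xfe, 0xff]  # constructed abnormal-variable database


class GeneticFuzzer:
    def __init__(self, seeds, target, pop_size=40, elite=4, mutation_rate=0.15, rng_seed=1):
        self.rng, self.target = random.Random(rng_seed), target
        self.pop_size, self.elite, self.mutation_rate = pop_size, elite, mutation_rate
        self.seen = {}               # sha256 -> (trace, crashed): hash-based de-duplication
        self.stage_hits = Counter()  # how often each stage has been reached so far
        self.crashes = []
        self.population = list(seeds)                # 1.4.2.1: initial cases from protocol messages
        while len(self.population) < pop_size:
            self.population.append(self.mutate(self.rng.choice(seeds)))

    def execute(self, case):
        """1.4.3: send the case to the target, once per distinct input, and record its state."""
        key = hashlib.sha256(case).digest()
        if key not in self.seen:
            try:
                trace, crashed = sorted(self.target(case)), False
            except Exception as exc:                 # any uncaught exception is an abnormal state
                trace, crashed = ["crash:" + type(exc).__name__], True
            self.seen[key] = (trace, crashed)
            if crashed:
                self.crashes.append(case)
        return self.seen[key]

    def fitness(self, case):
        """1.4.2.2: rarely reached stages score higher; a crash dominates everything."""
        trace, crashed = self.execute(case)
        return sum(1.0 / (1 + self.stage_hits[s]) for s in trace) + (100.0 if crashed else 0.0)

    def select_parents(self, scored, n):
        """1.4.2.3: roulette-wheel selection, keeping the best `elite` individuals unchanged."""
        ranked = sorted(scored, key=lambda cs: cs[1], reverse=True)
        parents = self.rng.choices([c for c, _ in ranked], weights=[s for _, s in ranked], k=n)
        return [c for c, _ in ranked[:self.elite]], parents

    def crossover(self, a, b):
        """1.4.2.4: single-point crossover of two byte strings."""
        point = self.rng.randrange(1, min(len(a), len(b)))
        return a[:point] + b[point:]

    def mutate(self, case):
        """1.4.2.5: per-byte mutation (abnormal value or random byte), occasional insert or
        delete, then the protocol model repairs the MBAP length field so the case stays well-formed."""
        data = bytearray(case)
        for i in range(len(data)):
            if self.rng.random() < self.mutation_rate:
                data[i] = self.rng.choice(ABNORMAL_VALUES) if self.rng.random() < 0.5 else self.rng.randrange(256)
        r = self.rng.random()
        if r < 0.15 and len(data) < 64:
            data.insert(self.rng.randrange(len(data) + 1), self.rng.randrange(256))
        elif r < 0.25 and len(data) > 8:
            del data[self.rng.randrange(len(data))]
        if self.rng.random() < 0.8:
            data[4:6] = (len(data) - 6).to_bytes(2, "big")
        return bytes(data)

    def run(self, max_generations=300):
        """Evolve until the first crash; return the generation it was found in, or None."""
        for generation in range(max_generations):
            scored = [(c, self.fitness(c)) for c in self.population]
            for c, _ in scored:
                self.stage_hits.update(self.seen[hashlib.sha256(c).digest()][0])
            if self.crashes:
                return generation
            elites, parents = self.select_parents(scored, self.pop_size - self.elite)
            self.population = elites + [self.mutate(self.crossover(parents[i], parents[i - 1]))
                                        for i in range(len(parents))]
        return None


if __name__ == "__main__":
    fuzzer = GeneticFuzzer([SEED_FRAME], parse_frame, rng_seed=7)
    print("crash found in generation", fuzzer.run(), [reproduce(c) for c in fuzzer.crashes[:1]])
```

The seed's read quantity of 10 is harmless on the read path, which checks the range, but becomes an out-of-bounds write once the function code mutates to 0x10 and the frame grows past the byte-count field; the rarity-weighted fitness is what keeps the first individual to reach the `fc10` stage in the population long enough for that second mutation to happen. The model-aware length repair plays the role of the protocol model script: without it most mutants die at the MBAP check and the fuzzer never gets past the framing layer.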
(5) Risk assessment and analysis
Statistical analysis is carried out on the vulnerability information of the system: vulnerabilities of different severity levels are summarised by month to find the trend over the whole year, and vulnerability information within a given period is summarised by cause or by main location to find the main causes of vulnerabilities or the locations where they most commonly occur. A detailed and reliable security analysis report is generated automatically from the scan results.
Claims (11)
1. A vulnerability discovery method for a power plant industrial control system, characterized in that the method automatically identifies the network asset list of the power plant industrial control system and scans for security vulnerabilities according to the asset list; and performs protocol identification to obtain the industrial communication protocol, constructs and maintains a corresponding protocol model script, and generates test cases to carry out unknown vulnerability mining.
2. The method for discovering the vulnerability of the industrial control system of the power plant according to claim 1, wherein the network asset list of the industrial control system of the power plant comprises the model number, firmware version, communication protocol, operating system, IP, ports and network services of a target object.
3. The method for discovering the vulnerability of the industrial control system of the power plant according to claim 2, wherein the automatic identification process of the network asset list of the industrial control system of the power plant is as follows:
(1.1.1) carrying out target survivability detection, if the target is on line, carrying out next scanning, and if not, finishing the detection;
(1.1.2) detecting the type of an operating system of a scanned target by utilizing a protocol stack fingerprint identification technology;
(1.1.3) detecting the open port of the target and judging the application service provided by the target.
4. The method for discovering the vulnerability of the power plant industrial control system according to claim 3, characterized in that before the security vulnerability scanning is performed according to the asset list, an industrial control system security vulnerability fingerprint library is collected and established, then the industrial control system network is externally scanned, a network service port is inquired, feedback information is collected, then the network host is internally scanned, software installation and configuration information is collected, and finally, the automatic matching of detection rules is performed according to the fingerprint information of the tested equipment such as the model, the firmware, the communication protocol and the like, so as to detect whether the known vulnerability exists.
5. The method for discovering vulnerabilities of an industrial control system of a power plant according to claim 4, wherein the industrial control system security vulnerability fingerprint library is constructed by gathering and integrating CVE, NVD and CNVD standard vulnerability library data.
6. The method for vulnerability discovery of power plant industrial control systems of claim 5, wherein the obtaining of the industrial communication protocol comprises the steps of:
(1.2.1) capturing a network protocol message data packet, analyzing by taking quintuple information data flow of a source port number, a source IP address, a protocol type (TCP/UDP), a destination port number and a destination IP address as a unit to form a data message set, and establishing a protocol fingerprint feature library;
(1.2.2) analyzing a message data packet of the unknown protocol message stream, and extracting the five-tuple attributes of the unknown protocol message stream to form a protocol fingerprint;
(1.2.3) carrying out regular expression feature matching on the network data packet content by utilizing a protocol fingerprint feature library;
and (1.2.4) rapidly verifying the protocol identification result by utilizing a multi-pattern matching algorithm.
7. The method for discovering vulnerabilities of a power plant industrial control system according to claim 6, wherein the unknown vulnerability mining includes the steps of:
(1.4.1) determining a test target, analyzing the test target and determining an input vector;
(1.4.2) constructing a test case, and generating the test case by using a generation method and a mutation method;
and (1.4.3) connecting the target to be tested, executing the application to be tested, sending the test case to the target program to be tested for execution, and monitoring the running state of the target to be tested.
8. The method of discovering vulnerabilities of a power plant industrial control system according to claim 7, wherein the unknown vulnerability mining is based on fuzz testing, and the fuzz testing frameworks include SPIKE, Peach and Sulley.
9. The method for discovering the vulnerability of the power plant industrial control system according to claim 8, wherein the generating of the test case in the step (1.4.2) is realized by a genetic algorithm, comprising the following steps:
(1.4.2.1) generating an initial test case according to the historical vulnerability analysis and the protocol message;
(1.4.2.2) testing the test target by using the test cases in the current generation population, and calculating the fitness according to the test result;
(1.4.2.3) sorting the population individuals according to fitness, and selecting n individuals as parent individuals by adopting a roulette method and an excellent individual retention strategy;
(1.4.2.4) performing crossover operation on the current generation individuals to generate new test case individuals;
(1.4.2.5) carrying out mutation operation on the new individual according to the mutation probability to obtain a new generation of population.
10. The method for discovering vulnerabilities of an industrial power plant control system according to claim 9, further comprising performing statistical analysis on the vulnerabilities information of the industrial power plant control system.
11. The method for discovering vulnerabilities of an industrial control system of a power plant according to claim 10, wherein the statistically analyzing vulnerability information of the industrial control system of the power plant comprises: summarizing vulnerability information according to months, and finding out the change trend of the vulnerability in the whole year; gathering vulnerability information in a certain time period according to the generation reasons or the main positions of the vulnerability, and finding the most common positions of the main reasons or the vulnerability generated in the industrial control industry.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110801073.0A CN113542275A (en) | 2021-07-15 | 2021-07-15 | Vulnerability discovery method for power plant industrial control system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110801073.0A CN113542275A (en) | 2021-07-15 | 2021-07-15 | Vulnerability discovery method for power plant industrial control system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113542275A true CN113542275A (en) | 2021-10-22 |
Family
ID=78099450
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110801073.0A Pending CN113542275A (en) | 2021-07-15 | 2021-07-15 | Vulnerability discovery method for power plant industrial control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113542275A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130167238A1 (en) * | 2011-12-23 | 2013-06-27 | Mcafee, Inc. | System and method for scanning for computer vulnerabilities in a network environment |
US20150040229A1 (en) * | 2013-08-05 | 2015-02-05 | Netflix, Inc. | Dynamic security testing |
CN105721255A (en) * | 2016-04-14 | 2016-06-29 | 北京工业大学 | Industrial control protocol vulnerability mining system based on fuzzy test |
CN106230780A (en) * | 2016-07-19 | 2016-12-14 | 国网四川省电力公司电力科学研究院 | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform |
CN108809951A (en) * | 2018-05-16 | 2018-11-13 | 南京大学 | A kind of penetration testing frame suitable for industrial control system |
CN110430191A (en) * | 2019-08-06 | 2019-11-08 | 合肥优尔电子科技有限公司 | Safe early warning method and device in dispatch data net based on protocol identification |
- 2021-07-15 CN CN202110801073.0A patent/CN113542275A/en active Pending
Non-Patent Citations (1)
Title |
---|
秦媛媛、朱广宇、田晓娜、陈波、张松清: "基于CVE漏洞库的工控漏洞发现和分析系统研究", 《信息通信技术》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598509A (en) * | 2022-02-23 | 2022-06-07 | 烽台科技(北京)有限公司 | Method and device for determining vulnerability result |
CN114598509B (en) * | 2022-02-23 | 2023-06-20 | 烽台科技(北京)有限公司 | Method and device for determining vulnerability result |
CN114969759A (en) * | 2022-06-07 | 2022-08-30 | 中国软件评测中心(工业和信息化部软件与集成电路促进中心) | Asset safety assessment method, device, terminal and medium for industrial robot system |
CN114969759B (en) * | 2022-06-07 | 2024-04-05 | 中国软件评测中心(工业和信息化部软件与集成电路促进中心) | Asset security assessment method, device, terminal and medium of industrial robot system |
CN115618353A (en) * | 2022-10-21 | 2023-01-17 | 北京珞安科技有限责任公司 | Identification system and method for industrial production safety |
CN115618353B (en) * | 2022-10-21 | 2024-01-23 | 北京珞安科技有限责任公司 | Industrial production safety identification system and method |
CN115550230A (en) * | 2022-11-24 | 2022-12-30 | 博智安全科技股份有限公司 | Unknown industrial control protocol fuzzy test method and system based on genetic algorithm |
CN117806226A (en) * | 2024-03-01 | 2024-04-02 | 北京中关村实验室 | Deep vulnerability discovery method and system for protocol stack of PLC (programmable logic controller) equipment |
CN117806226B (en) * | 2024-03-01 | 2024-04-30 | 北京中关村实验室 | Deep vulnerability discovery method and system for protocol stack of PLC (programmable logic controller) equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113542275A (en) | Vulnerability discovery method for power plant industrial control system | |
Rakas et al. | A review of research work on network-based scada intrusion detection systems | |
US11463457B2 (en) | Artificial intelligence (AI) based cyber threat analyst to support a cyber security appliance | |
Li | Using genetic algorithm for network intrusion detection | |
CN110336827B (en) | Modbus TCP protocol fuzzy test method based on abnormal field positioning | |
CN112651006A (en) | Power grid security situation perception platform framework | |
CN110909811A (en) | OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system | |
CN116781430B (en) | Network information security system and method for gas pipe network | |
CN110460611B (en) | Machine learning-based full-flow attack detection technology | |
CN111049827A (en) | Network system safety protection method, device and related equipment | |
CN113438249B (en) | Attack tracing method based on strategy | |
CN113987504A (en) | Vulnerability detection method for network asset management | |
CN116319061A (en) | Intelligent control network system | |
Amarasinghe et al. | AI based cyber threats and vulnerability detection, prevention and prediction system | |
CN115618353A (en) | Identification system and method for industrial production safety | |
Alqurashi et al. | On the performance of isolation forest and multi layer perceptron for anomaly detection in industrial control systems networks | |
Urmila et al. | Dynamic multi-layered intrusion identification and recognition using artificial intelligence framework | |
Pramudya et al. | Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers | |
Slamet et al. | Campus hybrid intrusion detection system using snort and c4. 5 algorithm | |
Li et al. | Research on the network security management based on data mining | |
Li et al. | Research on Intrusion Detection Technology of Electric Control System Based on Machine Learning | |
KR102646586B1 (en) | Detecting method of anomaly pattern | |
Palmer et al. | A Graph-Based Analysis of Industrial Control Systems Network Traffic | |
CN115514582B (en) | Industrial Internet attack chain correlation method and system based on ATT & CK | |
Nayegi et al. | Vulnerability Analysis Architecture Utilizing Auto Encoding Bayesian Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20211022 |