CN114003796A - Industrial control asset discovery method and device and electronic equipment - Google Patents

Industrial control asset discovery method and device and electronic equipment

Info

Publication number
CN114003796A
Authority
CN
China
Prior art keywords
asset
industrial control
identified
control equipment
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111281945.1A
Other languages
Chinese (zh)
Inventor
王锐畅
董阳
史博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dingxiang Technology Co ltd
Original Assignee
Beijing Dingxiang Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Dingxiang Technology Co ltd filed Critical Beijing Dingxiang Technology Co ltd
Priority to CN202111281945.1A priority Critical patent/CN114003796A/en
Publication of CN114003796A publication Critical patent/CN114003796A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/906 Clustering; Classification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a device for discovering industrial control assets and electronic equipment, wherein the method comprises the following steps: acquiring an IP to be identified and a network protocol of an industrial control network; sending an asset detection data packet corresponding to a network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified; determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library; and determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified. The industrial control asset discovery method realizes active discovery of industrial control system assets and accurate classification of industrial control equipment assets to be identified through the classification technology of the preset industrial control equipment fingerprint library and the preset asset mapping library, and can acquire enough and detailed asset information.

Description

Industrial control asset discovery method and device and electronic equipment
Technical Field
The invention relates to the technical field of asset management, in particular to a method and a device for discovering industrial control assets and electronic equipment.
Background
New infrastructure construction is further accelerating digitalization: more and more government and enterprise business runs on digital systems, and as informatization and industrialization gradually merge, industrial control systems are becoming more and more informatized. Compared with a traditional IT network, however, an industrial control network is more complex. It involves more types of devices, uses more public and private protocols, and places higher demands on the stability and real-time performance of the production environment of the whole industrial system, so managing assets in an industrial control network environment is more complex and more challenging.
Existing asset discovery methods are of two kinds. In the first, the traffic metadata required for asset discovery is usually mixed into and hidden within network traffic with complicated communication interactions; finding the key information that identifies equipment manufacturers, product models and the like in a large volume of network traffic is a difficult task, like looking for a needle in a haystack, and accurate results cannot always be obtained, so asset discovery is incomplete. The other is the active asset discovery method, which uses industrial control protocol detection packets to communicate actively over the network and matches the protocol response data packet against an industrial control equipment fingerprint library to extract key information from the response data packet, so as to classify and manage assets.
In conclusion, the existing industrial control asset discovery method has the technical problems of incomplete asset discovery and inaccurate asset classification.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, and an electronic device for discovering industrial control assets, so as to alleviate the technical problems of incomplete asset discovery and inaccurate asset classification existing in the existing industrial control asset discovery method.
In a first aspect, an embodiment of the present invention provides a method for discovering industrial control assets, including:
acquiring an IP to be identified and a network protocol of an industrial control network;
sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified;
determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
and determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
Further, the number of the to-be-identified IPs is at least one.
Further, sending an asset detection data packet corresponding to the network protocol to the to-be-identified industrial control device corresponding to the to-be-identified IP includes:
determining a corresponding network port based on the network protocol;
and sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified through the network port.
Further, the preset industrial control device fingerprint library is a corresponding relation between fingerprint information and preliminary asset information of the industrial control device, and the preliminary asset information of the industrial control device to be identified is determined based on the asset response data packet and the preset industrial control device fingerprint library, and includes:
matching the asset response data packet with the fingerprint information to obtain target fingerprint information matched with the asset response data packet;
and taking the preliminary asset information of the industrial control equipment corresponding to the target fingerprint information as the preliminary asset information of the industrial control equipment to be identified.
Further, the preset asset mapping library is a corresponding relationship between a product serial number and refined asset information of industrial control equipment, and the step of determining the refined asset information of the industrial control equipment to be identified based on the asset response data packet and the preset asset mapping library comprises the following steps:
analyzing the target fingerprint information to obtain a target product serial number of the industrial control equipment to be identified;
and matching the target product serial number with the product serial number in the preset asset mapping library, and determining the refined asset information of the industrial control equipment corresponding to the target product serial number according to the matching result so as to obtain the refined asset information of the industrial control equipment to be identified.
Further, matching the target product serial number with a product serial number in the preset asset mapping library includes:
performing full matching or regular-expression matching between the target product serial number and the product serial numbers in the preset asset mapping library.
Further, after the preliminary asset information and the refined asset information are used as the asset information of the industrial control device to be identified, the method further comprises the following steps:
and marking the asset information obtained by identification for the industrial control equipment to be identified.
In a second aspect, an embodiment of the present invention further provides an apparatus for discovering an industrial control asset, including:
the acquisition unit is used for acquiring the IP to be identified and the network protocol of the industrial control network;
the sending and receiving unit is used for sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified and receiving an asset response data packet returned by the industrial control equipment to be identified;
the first determining unit is used for determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
and the second determining unit is used for determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method according to any one of the above first aspects when executing the computer program.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing machine executable instructions, which when invoked and executed by a processor, cause the processor to perform the method of any of the first aspect.
In an embodiment of the present invention, a method for discovering industrial control assets is provided, including: acquiring an IP to be identified and a network protocol of an industrial control network; sending an asset detection data packet corresponding to a network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified; determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library; and determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified. According to the industrial control asset discovery method, the classification technologies of the preset industrial control device fingerprint library and the preset asset mapping library are adopted, so that the active discovery of the industrial control system assets and the accurate classification of the industrial control device assets to be identified are realized, enough and detailed asset information can be acquired, and the technical problems that the existing industrial control asset discovery method is incomplete in asset discovery and not accurate in asset classification are solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a method for discovering industrial assets according to an embodiment of the invention;
FIG. 2 is a flowchart of sending an asset detection data packet corresponding to a network protocol to an industrial control device to be identified corresponding to an IP to be identified according to an embodiment of the present invention;
FIG. 3 is a flowchart of determining preliminary asset information of an industrial control device to be identified based on an asset response data packet and a preset industrial control device fingerprint library according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating the process of determining refined asset information for an industrial control device to be identified based on an asset response data packet and a pre-set asset mapping library according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an industrial control asset discovery apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The existing passive asset discovery method discovers assets by capturing and analyzing everyday communication traffic in the network environment. Finding the key information that identifies equipment manufacturers, product models and the like in a large volume of network traffic is a difficult task, like looking for a needle in a haystack, and an accurate result cannot always be obtained, so asset discovery is incomplete. The other method, active asset discovery, communicates actively over the network using industrial control protocol detection packets and extracts key information from the response data packet by matching the protocol response data packet against an industrial control device fingerprint library, so that assets can be classified and managed.
On this basis, the present method adopts the classification technology of the preset industrial control equipment fingerprint library and the preset asset mapping library, so that industrial control system assets are actively discovered, the industrial control equipment to be identified is accurately classified, and sufficient and detailed asset information can be obtained.
Embodiments of the present invention are further described below with reference to the accompanying drawings.
Embodiment one:
In accordance with an embodiment of the present invention, an embodiment of a method for discovering industrial control assets is provided. It should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different from the one presented here.
FIG. 1 is a flow chart of a method for discovering industrial assets according to an embodiment of the invention, as shown in FIG. 1, the method comprising the steps of:
step S102, acquiring an IP to be identified and a network protocol of the industrial control network;
The number of IPs to be identified is at least one; that is, there may be a single IP to be identified, or multiple IPs covering a whole IP network segment.
The network protocol of the industrial control network is determined according to the communication protocol used between the industrial control devices. For example, if the industrial control devices in the production environment communicate mainly over the Modbus and SNMP protocols, the network protocol can be Modbus, SNMP and other common communication protocols; if they communicate mainly over the S7 and SNMP protocols, the network protocol can be S7, SNMP and other common communication protocols; if they communicate mainly over the EtherNet/IP protocol, the network protocol can be EtherNet/IP and other common communication protocols; if the communication protocol between the industrial control devices in the production environment is uncertain, all the default industrial control environment communication protocols can be selected as the network protocol.
Step S104, sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified;
Specifically, an asset detection data packet corresponding to the network protocol is sent to the industrial control equipment to be identified corresponding to each IP to be identified, and the asset response data packet returned by that equipment is received, so that complete and reliable asset information can be accurately obtained.
Step S106, determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
The preliminary asset information may be manufacturer information and equipment information of the industrial control equipment to be identified.
Step S108, determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and the preset asset mapping library, and taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
The refined asset information may be subdivided equipment information, model information, product series information, and the like.
In an embodiment of the present invention, a method for discovering industrial control assets is provided, including: acquiring an IP to be identified and a network protocol of an industrial control network; sending an asset detection data packet corresponding to a network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified; determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library; and determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified. According to the industrial control asset discovery method, the classification technologies of the preset industrial control device fingerprint library and the preset asset mapping library are adopted, so that the active discovery of the industrial control system assets and the accurate classification of the industrial control device assets to be identified are realized, enough and detailed asset information can be acquired, and the technical problems that the existing industrial control asset discovery method is incomplete in asset discovery and not accurate in asset classification are solved.
The above description briefly introduces the industrial control asset discovery method according to the embodiment of the present invention, and the details of the method are described in detail below.
In an optional embodiment of the present invention, referring to fig. 2, the step S104 of sending the asset detection data packet corresponding to the network protocol to the to-be-identified industrial control device corresponding to the to-be-identified IP specifically includes the following steps:
step S201, determining a corresponding network port based on a network protocol;
The corresponding network port is the network port that corresponds to the network protocol.
Each network protocol has its own specific network port, so before communicating, the network port corresponding to the network protocol needs to be determined first.
Step S202, an asset detection data packet corresponding to the network protocol is sent to the industrial control equipment to be identified corresponding to the IP to be identified through the network port.
Specifically, if the network protocol is the Modbus protocol and the corresponding network port is determined to be port 502, the asset detection data packet corresponding to the Modbus protocol is sent through port 502 to the industrial control device to be identified corresponding to the IP to be identified.
In an optional embodiment of the present invention, the preset industrial control device fingerprint library is a corresponding relationship between fingerprint information and preliminary asset information of the industrial control device, and referring to fig. 3, the step S106 is to determine the preliminary asset information of the industrial control device to be identified based on the asset response data packet and the preset industrial control device fingerprint library, and specifically includes the following steps:
step S301, matching the asset response data packet with the fingerprint information to obtain target fingerprint information matched with the asset response data packet;
and step S302, taking the preliminary asset information of the industrial control equipment corresponding to the target fingerprint information as the preliminary asset information of the industrial control equipment to be identified.
It should be noted that the preset industrial control equipment fingerprint library is built up from the use of, and accumulated experience with, the various industrial control devices on the market.
In an optional embodiment of the present invention, the preset asset mapping library is a corresponding relationship between a product serial number and refined asset information of the industrial control device, and referring to fig. 4, the method for determining the refined asset information of the industrial control device to be identified based on the asset response data packet and the preset asset mapping library specifically includes the following steps:
step S401, analyzing the target fingerprint information to obtain a target product serial number of the industrial control equipment to be identified;
and S402, matching the target product serial number with the product serial number in the preset asset mapping library, determining the refined asset information of the industrial control equipment corresponding to the target product serial number according to the matching result, and further obtaining the refined asset information of the industrial control equipment to be identified.
Specifically, the target product serial number is matched against the product serial numbers in the preset asset mapping library by full matching or regular-expression matching.
Based on the product series trees of industrial control manufacturers (that is, the industrial control equipment of each manufacturer comes in various product series), an accurate method of dividing industrial control equipment that covers the whole range is designed, and a comprehensive and detailed preset asset mapping library is established in combination with manual review and checking. This achieves accurate matching and classification of industrial control equipment, greatly improves on the accuracy of classifying assets directly from the asset response data packet, and avoids the missed assets caused by passive discovery.
In addition, the preset asset mapping library consists of a manufacturer sub-library and a product series sub-library. The manufacturer sub-library divides up the various equipment manufacturers found in industrial control systems. A product series sub-library is then constructed based on the product series tree of a specific manufacturer. The product mapping modes of this sub-library are a full matching mode and a regular matching mode. The regular matching mode is the product mapping method used for product serial numbers with a standard coding scheme; for example, the regular matching code "6ES7312-[A-Z0-9]{5}-0AB0" maps to the Siemens S7-300 CPU 312 product series. The full matching mode is a mapping constructed for one specific product; for example, the full matching code "STEP 7" corresponds to the Siemens STEP 7 product.
The industrial control asset discovery method of the embodiment of the invention is described by a specific example as follows:
The information in the preset industrial control equipment fingerprint library is as follows: fingerprint 1 corresponds to a Siemens programmable controller (PLC). The product series (i.e. the product series sub-library) contained in the Siemens sub-library (i.e. the manufacturer sub-library) of the preset asset mapping library include: the S7-300 CPU 312 product series, with code 6ES7312-[A-Z0-9]{5}-0AB0, and the STEP 7 product series, with code STEP 7.
When asset discovery is carried out and an asset response data packet has been obtained, the asset response data packet is matched against the fingerprint information. The target fingerprint information obtained through matching is fingerprint 1, which gives Siemens programmable controller (PLC) as the preliminary asset information of the industrial control equipment to be identified. The target fingerprint information, namely fingerprint 1, is then analyzed to obtain the target product serial number it contains, and the target product serial number is matched against the product serial numbers in the preset asset mapping library. If the match is 6ES7312-[A-Z0-9]{5}-0AB0, the S7-300 CPU 312 product series is taken as the refined asset information of the industrial control equipment to be identified, and the asset information finally obtained for the industrial control equipment to be identified is: Siemens S7-300 CPU 312 product series programmable controller (PLC).
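The two-stage classification of steps S301 to S402, applied to this Siemens example, can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the byte pattern used for fingerprint 1, the sample responses (constructed, not captures), the ports other than 502, and the choice to strip whitespace from the reported serial number before matching are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Protocol -> default port (step S201). Port 502 for Modbus is from the text;
# the other entries are well-known defaults added for this example.
DEFAULT_PORTS = {"modbus": 502, "s7": 102, "snmp": 161, "ethernet/ip": 44818}


@dataclass(frozen=True)
class Fingerprint:
    """Fingerprint library entry: response pattern -> preliminary asset info."""
    name: str
    pattern: re.Pattern      # bytes regex with a named group 'serial'
    vendor: str
    device_type: str


@dataclass(frozen=True)
class SeriesRule:
    """Product series sub-library entry: serial code -> product series."""
    code: str
    mode: str                # "full" or "regex"
    series: str


# Hypothetical pattern for "fingerprint 1"; the patent does not give its content.
FINGERPRINT_LIBRARY = [
    Fingerprint(
        "fingerprint 1",
        re.compile(rb"(?P<serial>6ES7 ?\d{3}-[0-9A-Z]{5}-[0-9A-Z]{4}|STEP 7)"),
        "Siemens",
        "programmable controller (PLC)",
    ),
]

# Manufacturer sub-library -> product series sub-library (codes from the text).
ASSET_MAPPING_LIBRARY = {
    "Siemens": [
        SeriesRule(r"6ES7312-[A-Z0-9]{5}-0AB0", "regex", "S7-300 CPU 312"),
        SeriesRule("STEP 7", "full", "STEP 7"),
    ],
}


def _squash(text: str) -> str:
    """Drop whitespace and upper-case, so '6ES7 312-...' equals '6ES7312-...'."""
    return re.sub(r"\s+", "", text).upper()


def match_fingerprint(response: bytes):
    """S301/S401: find the matching fingerprint and the serial it exposes."""
    for fp in FINGERPRINT_LIBRARY:
        m = fp.pattern.search(response)
        if m:
            # The pattern only admits ASCII, so decoding cannot fail.
            return fp, m.group("serial").decode("ascii")
    return None


def refine(vendor: str, serial: str) -> Optional[str]:
    """S402: full matching first, then regular matching anchored at both ends."""
    key = _squash(serial)
    rules = ASSET_MAPPING_LIBRARY.get(vendor, [])
    for mode in ("full", "regex"):
        for rule in rules:
            if rule.mode != mode:
                continue
            if mode == "full" and key == _squash(rule.code):
                return rule.series
            # fullmatch, not search: a serial that merely contains the code
            # as a substring must not be classified as that series.
            if mode == "regex" and re.fullmatch(rule.code, key):
                return rule.series
    return None


def classify(response: bytes) -> Optional[dict]:
    """Combine preliminary and refined asset information for one response."""
    hit = match_fingerprint(response)
    if hit is None:
        return None              # no fingerprint matched: asset stays unknown
    fp, serial = hit
    return {
        "vendor": fp.vendor,
        "device_type": fp.device_type,
        "serial": serial,
        "series": refine(fp.vendor, serial),   # None if not in the library
    }


# Constructed sample payloads (not real captures or real protocol framing).
SAMPLE_CPU312 = b"\x00\x11\x00\x1c" + b"6ES7 312-1AE14-0AB0 " + b"\x00\xc0"
SAMPLE_CPU315 = b"\x00\x11\x00\x1c" + b"6ES7 315-2AG10-0AB0 " + b"\x00\xc0"
SAMPLE_UNKNOWN = b"HTTP/1.1 200 OK\r\nServer: demo\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_CPU312, SAMPLE_CPU315, SAMPLE_UNKNOWN):
        print(classify(sample))
```

The second sample shows the case the mapping library exists to expose: the fingerprint identifies a Siemens PLC, but no series rule covers the serial, so the record keeps only preliminary information and the library needs a new entry.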
In an optional embodiment of the invention, the method further comprises: and marking the asset information obtained by identification for the industrial control equipment to be identified.
Compared with passive detection based on network traffic, the industrial control asset discovery method provided by the invention actively acquires asset response data packets in the network environment and can therefore obtain sufficient and detailed equipment data. Compared with the existing active scanning method, the invention does not complete asset classification by extracting key information directly from the asset response data packet, but additionally applies the classification technology of the preset asset mapping library, providing an asset management method with active discovery of industrial control system assets and accurate division by product.
Embodiment two:
The embodiment of the present invention further provides a device for discovering industrial control assets, where the device for discovering industrial control assets is mainly used for executing the method for discovering industrial control assets provided in the first embodiment of the present invention, and the device for discovering industrial control assets provided in the first embodiment of the present invention is specifically described below.
Fig. 5 is a schematic diagram of an industrial control asset discovery apparatus according to an embodiment of the present invention, and as shown in fig. 5, the apparatus mainly includes: an acquisition unit 10, a sending and receiving unit 20, a first determination unit 30 and a second determination unit 40, wherein:
the acquisition unit is used for acquiring the IP to be identified and the network protocol of the industrial control network;
the sending and receiving unit is used for sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified and receiving an asset response data packet returned by the industrial control equipment to be identified;
the first determining unit is used for determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
and the second determining unit is used for determining the refined asset information of the industrial control equipment to be identified based on the asset response data packet and the preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
In an embodiment of the present invention, an industrial control asset discovery apparatus is provided, which: acquires an IP to be identified and a network protocol of an industrial control network; sends an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receives an asset response data packet returned by the industrial control equipment to be identified; determines preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library; and determines refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and then takes the preliminary asset information and the refined asset information together as the asset information of the industrial control equipment to be identified. By classifying against both the preset industrial control equipment fingerprint library and the preset asset mapping library, the device achieves active discovery of industrial control system assets and accurate classification of the industrial control equipment to be identified, obtains sufficient and detailed asset information, and solves the technical problems that existing industrial control asset discovery methods discover assets incompletely and classify them inaccurately.
Optionally, the number of IPs to be identified is at least one.
Optionally, the sending and receiving unit is further configured to: determining a corresponding network port based on a network protocol; and sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified through the network port.
Optionally, the preset industrial control device fingerprint database is a corresponding relationship between the fingerprint information and the preliminary asset information of the industrial control device, and the first determining unit is further configured to: matching the asset response data packet with the fingerprint information to obtain target fingerprint information matched with the asset response data packet; and taking the preliminary asset information of the industrial control equipment corresponding to the target fingerprint information as the preliminary asset information of the industrial control equipment to be identified.
Optionally, the preset asset mapping library is a corresponding relationship between the product serial number and the refined asset information of the industrial control device, and the second determining unit is further configured to: analyzing the target fingerprint information to obtain a target product serial number of the industrial control equipment to be identified; and matching the target product serial number with the product serial number in the preset asset mapping library, and determining the refined asset information of the industrial control equipment corresponding to the target product serial number according to the matching result so as to obtain the refined asset information of the industrial control equipment to be identified.
Optionally, the second determining unit is further configured to: and performing full matching or regular matching on the target product serial number and the product serial number in the preset asset mapping library.
Optionally, the apparatus is further configured to: and marking the asset information obtained by identification for the industrial control equipment to be identified.
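The two-stage lookup described in the optional features above (fingerprint library first, then the asset mapping library with full or regular matching, then marking the result), as an added Python example that is not part of the patent. The vendor name, serial formats, response bytes and library layout are all constructed, and capturing the product serial number through a named group in the fingerprint pattern is an assumption; the code works on already-captured response bytes and sends nothing.

```python
import re
from dataclasses import dataclass

@dataclass
class Fingerprint:
    protocol: str
    pattern: re.Pattern   # bytes regex over the raw response; group "serial" = product serial
    preliminary: dict     # preliminary asset information for any device that matches

@dataclass
class MappingEntry:
    serial: str           # literal serial ("full") or a regular expression ("regex")
    mode: str
    refined: dict         # refined asset information

# Constructed fingerprint library (hypothetical vendor "ACME", not real device data).
# The serial length is bounded because the response is untrusted input.
FINGERPRINTS = [
    Fingerprint("modbus", re.compile(rb"ACME-PLC\x00(?P<serial>[A-Z0-9-]{6,20})\x00"),
                {"vendor": "ACME", "device_type": "PLC"}),
    Fingerprint("modbus", re.compile(rb"ACME-HMI\x00(?P<serial>[A-Z0-9-]{6,20})\x00"),
                {"vendor": "ACME", "device_type": "HMI"}),
]

# Constructed asset mapping library: product serial number -> refined asset information.
ASSET_MAP = [
    MappingEntry("AP12-214-1AG40", "full", {"series": "AP-1200", "model": "AP-1214"}),
    MappingEntry(r"AP12-21\d-\w+", "regex", {"series": "AP-1200", "model": "AP-121x family"}),
    MappingEntry(r"AP15-\d{3}-\w+", "regex", {"series": "AP-1500", "model": "AP-15xx family"}),
]

def match_fingerprint(protocol, response):
    """Stage 1: return (fingerprint, serial) for the first matching fingerprint, else None."""
    for fp in FINGERPRINTS:
        if fp.protocol != protocol:
            continue
        m = fp.pattern.search(response)
        if m:
            return fp, m.group("serial").decode("ascii")
    return None

def refine(serial):
    """Stage 2: full matches win over regex matches; regex must cover the whole serial."""
    for entry in ASSET_MAP:
        if entry.mode == "full" and entry.serial == serial:
            return entry.refined
    for entry in ASSET_MAP:
        if entry.mode == "regex" and re.fullmatch(entry.serial, serial):
            return entry.refined
    return None

def identify(ip, protocol, response):
    """Combine preliminary and refined information and mark the asset with a status."""
    hit = match_fingerprint(protocol, response)
    if hit is None:
        return {"ip": ip, "protocol": protocol, "status": "unidentified"}
    fp, serial = hit
    refined = refine(serial)
    asset = {"ip": ip, "protocol": protocol, "serial": serial, **fp.preliminary}
    asset.update(refined or {})
    asset["status"] = "refined" if refined else "preliminary-only"
    return asset

# Constructed asset response packets, keyed by documentation-range addresses.
SAMPLES = {
    "192.0.2.10": b"\x00\x01ACME-PLC\x00AP12-214-1AG40\x00v4.2",  # exact entry in the map
    "192.0.2.11": b"\x00\x01ACME-PLC\x00AP12-215-1HG40\x00v4.1",  # only the regex entry fits
    "192.0.2.12": b"\x00\x01ACME-PLC\x00ZZ99-000-0000\x00",       # fingerprint hit, unknown serial
    "192.0.2.13": b"\xff\xffunrelated service banner",            # no fingerprint hit
}

if __name__ == "__main__":
    for ip, packet in SAMPLES.items():
        print(identify(ip, "modbus", packet))
```

Checking full matches before regular expressions and using `re.fullmatch` keeps a broad family pattern from overriding an exact entry or from classifying a serial that merely contains a known prefix.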
The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the method embodiments. For brevity, where the device embodiment does not mention something, reference may be made to the corresponding content in the method embodiments.
As shown in fig. 6, an electronic device 600 provided in an embodiment of the present application includes: the system comprises a processor 601, a memory 602 and a bus, wherein the memory 602 stores machine-readable instructions executable by the processor 601, when an electronic device runs, the processor 601 and the memory 602 communicate through the bus, and the processor 601 executes the machine-readable instructions to execute the steps of the industrial control asset discovery method.
Specifically, the memory 602 and the processor 601 can be general-purpose memories and processors, and are not limited to specific ones, and the industrial control asset discovery method can be performed when the processor 601 runs a computer program stored in the memory 602.
The processor 601 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 601. The processor 601 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 602, and the processor 601 reads the information in the memory 602 and completes the steps of the method in combination with its hardware.
Corresponding to the industrial control asset discovery method, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores machine executable instructions, and when the computer executable instructions are called and executed by a processor, the computer executable instructions cause the processor to execute the steps of the industrial control asset discovery method.
The industrial control asset discovery device provided by the embodiment of the application can be specific hardware on equipment, or software or firmware installed on the equipment. The device provided by the embodiment of the present application has the same implementation principle and technical effect as the foregoing method embodiments, and for the sake of brief description, reference may be made to the corresponding contents in the foregoing method embodiments where no part of the device embodiments is mentioned. It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the foregoing systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
For another example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments provided in the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing an electronic device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the vehicle marking method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus once an item is defined in one figure, it need not be further defined and explained in subsequent figures, and moreover, the terms "first", "second", "third", etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that the above-mentioned embodiments are only specific embodiments of the present application, used to illustrate its technical solutions rather than to limit them, and the scope of the present application is not limited thereto. Although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope disclosed in the present application, modify or readily conceive of changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the scope of the embodiments of the present application and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for discovering industrial control assets is characterized by comprising the following steps:
acquiring an IP to be identified and a network protocol of an industrial control network;
sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified, and receiving an asset response data packet returned by the industrial control equipment to be identified;
determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
and determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
2. The method of claim 1, wherein the number of IPs to be identified is at least one.
3. The method according to claim 1, wherein sending an asset detection data packet corresponding to the network protocol to the to-be-identified industrial control device corresponding to the to-be-identified IP comprises:
determining a corresponding network port based on the network protocol;
and sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified through the network port.
4. The method of claim 1, wherein the preset industrial control device fingerprint database is a corresponding relationship between fingerprint information and preliminary asset information of industrial control devices, and determining the preliminary asset information of the industrial control device to be identified based on the asset response data packet and the preset industrial control device fingerprint database comprises:
matching the asset response data packet with the fingerprint information to obtain target fingerprint information matched with the asset response data packet;
and taking the preliminary asset information of the industrial control equipment corresponding to the target fingerprint information as the preliminary asset information of the industrial control equipment to be identified.
5. The method of claim 4, wherein the preset asset mapping library is a corresponding relation between a product serial number and refined asset information of industrial control equipment, and the step of determining the refined asset information of the industrial control equipment to be identified based on the asset response data packet and the preset asset mapping library comprises the following steps:
analyzing the target fingerprint information to obtain a target product serial number of the industrial control equipment to be identified;
and matching the target product serial number with the product serial number in the preset asset mapping library, and determining the refined asset information of the industrial control equipment corresponding to the target product serial number according to the matching result so as to obtain the refined asset information of the industrial control equipment to be identified.
6. The method of claim 5, wherein matching the target product serial number with the product serial number in the preset asset mapping library comprises:
and performing full matching or regular matching on the target product serial number and the product serial number in the preset asset mapping library.
7. The method of claim 1, wherein after the preliminary asset information and the refined asset information are used as asset information of the industrial control device to be identified, the method further comprises:
and marking the asset information obtained by identification for the industrial control equipment to be identified.
8. An industrial control asset discovery device, comprising:
the acquisition unit is used for acquiring the IP to be identified and the network protocol of the industrial control network;
the sending and receiving unit is used for sending an asset detection data packet corresponding to the network protocol to the industrial control equipment to be identified corresponding to the IP to be identified and receiving an asset response data packet returned by the industrial control equipment to be identified;
the first determining unit is used for determining preliminary asset information of the industrial control equipment to be identified based on the asset response data packet and a preset industrial control equipment fingerprint library;
and the second determining unit is used for determining refined asset information of the industrial control equipment to be identified based on the asset response data packet and a preset asset mapping library, and further taking the preliminary asset information and the refined asset information as the asset information of the industrial control equipment to be identified.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any of the preceding claims 1 to 7 are implemented when the computer program is executed by the processor.
10. A computer readable storage medium having stored thereon machine executable instructions which, when invoked and executed by a processor, cause the processor to perform the method of any of claims 1 to 7.
CN202111281945.1A 2021-11-01 2021-11-01 Industrial control asset discovery method and device and electronic equipment Pending CN114003796A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111281945.1A CN114003796A (en) 2021-11-01 2021-11-01 Industrial control asset discovery method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111281945.1A CN114003796A (en) 2021-11-01 2021-11-01 Industrial control asset discovery method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN114003796A true CN114003796A (en) 2022-02-01

Family

ID=79925978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111281945.1A Pending CN114003796A (en) 2021-11-01 2021-11-01 Industrial control asset discovery method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114003796A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710341A (en) * 2022-03-28 2022-07-05 杭州安恒信息技术股份有限公司 Asset identification method, device, system, electronic device and storage medium
CN115022366A (en) * 2022-06-02 2022-09-06 深信服科技股份有限公司 Asset identification method and device, electronic equipment and storage medium
CN115022366B (en) * 2022-06-02 2023-11-03 深信服科技股份有限公司 Asset identification method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110855473B (en) Monitoring method, device, server and storage medium
CN114003796A (en) Industrial control asset discovery method and device and electronic equipment
CN113489713B (en) Network attack detection method, device, equipment and storage medium
CN113127338A (en) Firmware testing method, server and computer readable storage medium
CN113242236B (en) Method for constructing network entity threat map
CN108881271B (en) Reverse tracing method and device for proxy host
CN114070760B (en) Mapping method and related device for network space asset
CN110647913A (en) Abnormal data detection method and device based on clustering algorithm
CN114461864A (en) Alarm tracing method and device
CN113704573A (en) Database sensitive data scanning method and device
CN112883765B (en) Target movement track acquisition method and device, storage medium and electronic equipment
CN108763053B (en) Method for generating buried point name and terminal equipment
CN114513334B (en) Risk management method and risk management device
CN115643172A (en) Abnormity detection method, abnormity detection device, terminal equipment and storage medium
CN112612817B (en) Data processing method, device, terminal equipment and computer readable storage medium
CN111242256B (en) Information verification method, device and terminal
CN113609111A (en) Big data testing method and system
CN107092702B (en) Geographic information element position comparison checking method and device based on overlapping proportion
CN113992334B (en) Storage method and verification method and device of equipment side data and electronic equipment
CN112199418B (en) State identification method, device and equipment for industrial object
CN114880713B (en) User behavior analysis method, device, equipment and medium based on data link
CN115333930B (en) Log classification method and device based on scene, electronic equipment and storage medium
CN112398794B (en) Method, device, equipment and storage medium for detecting network abnormal behavior
CN114006750B (en) Abnormal operation detection method and device and electronic equipment
CN116846638A (en) Unauthorized behavior detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination