CN114448829A - Industrial control network asset detection device and detection method thereof - Google Patents


Publication number: CN114448829A
Authority: CN (China)
Prior art keywords: asset, industrial control, network, control network, assets
Legal status: Pending
Application number: CN202210055036.4A
Other languages: Chinese (zh)
Inventors: 谌斐鸣, 吴辉, 沙永兵, 肖丰明, 谢源强, 李闯, 汪涛, 苏文辉, 胡晓阳, 房耀宗
Current Assignee: Hunan Wuling Power Technology Co Ltd; Wuling Power Corp Ltd
Original Assignee: Hunan Wuling Power Technology Co Ltd; Wuling Power Corp Ltd
Application filed by: Hunan Wuling Power Technology Co Ltd; Wuling Power Corp Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/08: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers

Abstract

The invention discloses an industrial control network asset detection device comprising an acquisition module, a processing module and a detection module, wherein the acquisition module acquires the IP address and open ports of target equipment in an industrial control network. A detection method of the device comprises the following steps: step one, the IP address of target equipment in the industrial control network is obtained. Compared with the prior art, the device and method can determine the live devices in the industrial control network without scanning the whole network segment, and so avoid the abnormal operation of industrial control equipment that sending a large number of detection messages to the network can cause.

Description

Industrial control network asset detection device and detection method thereof
Technical Field
The invention relates to the technical field of industrial control network asset detection, in particular to an industrial control network asset detection device and a detection method thereof.
Background
With the rapid development of industrial internet technology, industrial control systems face more and more security risks, and security assessment of these systems is becoming increasingly urgent. The primary task of such an assessment is to inventory the industrial control assets in an industrial control network effectively and establish a clear picture of them.
Currently, industrial control asset detection is usually performed by active detection. In a typical implementation, the industrial control network undergoes a full IP scan to find the live assets, the live assets undergo a full-port pre-scan to find the live ports, and detection messages are then sent to the live ports to read the asset information of the corresponding industrial control assets.
Detecting industrial control assets this way requires sending a large number of messages to the network, which can easily cause the industrial control assets to operate abnormally.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the above difficulties by providing an industrial control network asset detection device and detection method that are unlikely to cause abnormal operation of industrial control assets.
To solve this technical problem, the invention provides the following technical solution:
An industrial control network asset detection device comprises an acquisition module, a processing module and a detection module. The acquisition module acquires the IP address and open ports of target equipment in the industrial control network, and downloads and acquires the response data sent by the target equipment from that IP address; the processing module scans the network data in the data packet and obtains asset information; and the detection module detects the asset information.
The detection method of the industrial control network asset detection device comprises the following steps:
Step one: acquire the IP address of target equipment in the industrial control network.
Step two: download a network data packet of the industrial control network from the IP address and, at the same time, scan a plurality of ports of the network assets in the network data packet to obtain the asset information of the network assets.
Step three: detect the asset information of the industrial control network.
The asset information obtained by scanning in step two comprises:
when the network asset is a domain name asset, any one or more of domain name, resolution state, fingerprint, whois expiration time, ICP record number, record subject, registrar and asset source;
when the network asset is a web asset, any one or more of system name, URL, status code, asset source, fingerprint, corresponding IP, and whether the access state is normal;
when the network asset is a host asset, any one or more of host IP, presence or absence, hardware vendor, operating system, fingerprint, port service, operator, location and asset source.
The detection method in step three comprises:
receiving specified access information and a manual detection instruction input by a user;
and detecting assets according to the specified access information.
Compared with the prior art, the invention has the following advantages:
By analysing and scanning the network data packets in the industrial control network to obtain asset information, and then detecting that asset information, the device and method can determine the live devices in the industrial control network without scanning the whole network segment, and so avoid the abnormal operation of industrial control equipment that sending a large number of detection messages to the network can cause.
Detailed Description
The present invention will be described in further detail with reference to embodiments.
An industrial control network asset detection device comprises an acquisition module, a processing module and a detection module:
the acquisition module acquires the IP address and open ports of target equipment in the industrial control network;
the acquisition module also downloads and acquires the response data sent by the target equipment from the IP address;
the processing module scans the network data in the data packet and obtains asset information;
the detection module detects the asset information.
The detection method of the industrial control network asset detection device comprises the following steps:
Step one: acquire the IP address of target equipment in the industrial control network.
Step two: download a network data packet of the industrial control network from the IP address and, at the same time, scan a plurality of ports of the network assets in the network data packet to obtain the asset information of the network assets. Specifically, the asset information obtained by scanning comprises:
when the network asset is a domain name asset, any one or more of domain name, resolution state, fingerprint, whois expiration time, ICP record number, record subject, registrar and asset source;
when the network asset is a web asset, any one or more of system name, URL, status code, asset source, fingerprint, corresponding IP, and whether the access state is normal;
when the network asset is a host asset, any one or more of host IP, presence or absence, hardware vendor, operating system, fingerprint, port service, operator, location and asset source.
Step three: detect the asset information of the industrial control network. Specifically, the detection method comprises:
receiving specified access information and a manual detection instruction input by a user;
and detecting assets according to the specified access information.
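The packet-analysis idea in step two, as an added example that is not code from the patent: host asset records (host IP and open ports) are built from captured frames without sending any probe. The patent does not say how packets are analysed; treating an observed TCP SYN+ACK as evidence of a live host with an open port is an assumption, as are the function names and the constructed sample frames (ports 502 and 102 are the usual Modbus/TCP and ISO-TSAP ports).

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def parse_tcp(frame):
    """Return (src_ip, sport, flags), or None if the frame is not well-formed IPv4/TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 14:         # need the TCP header up to the flags byte
        return None
    sport = struct.unpack("!H", frame[tcp_off:tcp_off + 2])[0]
    return socket.inet_ntoa(frame[26:30]), sport, frame[tcp_off + 13]

def passive_inventory(frames):
    """Map each live host IP to its sorted open ports, using only observed traffic."""
    assets = defaultdict(set)
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue                      # truncated or non-TCP frame: skip it
        src, sport, flags = parsed
        if flags & (SYN | ACK) == (SYN | ACK):
            assets[src].add(sport)        # a SYN+ACK is sent by the listening side
    return {ip: sorted(ports) for ip, ports in assets.items()}

# Constructed sample capture: an engineering station (10.0.0.50) talking to controllers.
SAMPLE = [
    build_frame("10.0.0.50", "10.0.0.10", 40000, 502, SYN),
    build_frame("10.0.0.10", "10.0.0.50", 502, 40000, SYN | ACK),
    build_frame("10.0.0.50", "10.0.0.11", 40001, 102, SYN),
    build_frame("10.0.0.11", "10.0.0.50", 102, 40001, SYN | ACK),
    build_frame("10.0.0.50", "10.0.0.12", 40002, 502, SYN),  # no reply observed
    build_frame("10.0.0.10", "10.0.0.50", 502, 40000, ACK),
    b"\x00" * 20,                                            # truncated frame
]

if __name__ == "__main__":
    print(passive_inventory(SAMPLE))
```

Hosts that never answer in the capture (10.0.0.12 here) stay out of the inventory, so coverage depends on how long the capture runs and where it is taken.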
The invention and its embodiments have been described above, and this description is not limiting. A person skilled in the art will appreciate that embodiments similar to those described above, devised without inventive effort and without departing from the spirit of the invention, shall fall within the scope of the claims.

Claims (4)

1. An industrial control network asset detection device, characterized in that: it comprises an acquisition module, a processing module and a detection module, wherein the acquisition module is used for acquiring an IP address and an open port of target equipment in an industrial control network, the acquisition module is used for downloading and acquiring response data sent by the target equipment from the IP address, the processing module is used for scanning network data in a data packet and acquiring asset information, and the detection module is used for detecting the asset information.
2. A detection method of the industrial control network asset detection device according to claim 1, characterized in that the detection method comprises the following steps:
step one, acquiring an IP address of target equipment in an industrial control network;
step two, downloading a network data packet of the industrial control network from the IP address, and simultaneously scanning a plurality of ports of the network assets in the network data packet so as to obtain asset information of the network assets;
and step three, detecting the asset information of the industrial control network.
3. The detection method of the industrial control network asset detection device according to claim 2, characterized in that the asset information obtained by scanning in step two comprises:
when the network asset is a domain name asset, the asset information of the domain name asset comprises any one or more of domain name, resolution state, fingerprint, whois expiration time, ICP record number, record subject, registrar and asset source;
when the network asset is a web asset, the asset information of the web asset comprises any one or more of system name, URL, status code, asset source, fingerprint, corresponding IP, and whether the access state is normal;
when the network asset is a host asset, the asset information of the host asset comprises any one or more of host IP, presence or absence, hardware vendor, operating system, fingerprint, port service, operator, location and asset source.
4. The detection method of the industrial control network asset detection device according to claim 2, characterized in that the detection method in step three comprises:
receiving specified access information and a manual detection instruction input by a user;
and detecting assets according to the specified access information.
Priority Applications (1)

Application number: CN202210055036.4A
Publication: CN114448829A (en)
Priority date: 2022-01-18
Filing date: 2022-01-18
Status: Pending
Title: Industrial control network asset detection device and detection method thereof

Publications (1)

Publication number: CN114448829A (en)
Publication date: 2022-05-06

Family

ID: 81367238

Country Status (1)

CN: CN114448829A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination