CN115333872A - Security gateway analysis function verification method and device, terminal device and storage medium - Google Patents


Info

Publication number
CN115333872A
Authority
CN
China
Prior art keywords
function
verification
protocol
information
security gateway
Prior art date
Legal status
Granted
Application number
CN202211264389.1A
Other languages
Chinese (zh)
Other versions
CN115333872B (en)
Inventor
杨旭
Current Assignee
Beijing 6Cloud Technology Co Ltd
Beijing 6Cloud Information Technology Co Ltd
Original Assignee
Beijing 6Cloud Technology Co Ltd
Beijing 6Cloud Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing 6Cloud Technology Co Ltd, Beijing 6Cloud Information Technology Co Ltd
Priority to CN202211264389.1A
Publication of CN115333872A
Application granted
Publication of CN115333872B
Legal status: Active
Anticipated expiration

Classifications

    • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general (H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L63/00 Network architectures or network communication protocols for network security)
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways (H04L12/00 Data switching networks)
    • H04L43/18 Protocol analysers (H04L43/00 Arrangements for monitoring or testing data switching networks)
    • H04L43/50 Testing arrangements (H04L43/00 Arrangements for monitoring or testing data switching networks)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and a device for verifying the parsing function of a security gateway, a terminal device and a storage medium, in the field of gateway function verification. The method comprises: acquiring the function information to be verified for protocol parsing, the function information comprising protocol data unit (PDU) type information and/or parameter information; and performing multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result. By constructing the parsing function verification tool, the invention verifies the protocol parsing function of the security gateway, provides a comprehensive, deep and efficient verification method for that function, and greatly improves the verification of the security gateway's protocol parsing.

Description

Security gateway parsing function verification method and device, terminal device and storage medium
Technical Field
The present invention relates to the field of gateway function verification, and in particular to a method, an apparatus, a terminal device and a storage medium for verifying the parsing function of a security gateway.
Background
Industrial control systems are widely used to monitor the large number of industrial instruments in a plant and so bring the plant under information-based control. To monitor those instruments, the two sides need an industrial protocol to communicate with each other. Industrial protocols are the communication protocols of industrial control systems, for example Schneider's Modbus protocol, the Siemens S7 (S7 Communication, S7comm) protocol and Rockwell's Common Industrial Protocol (CIP). As understanding of the S7 protocol has deepened, the security of Siemens PLCs in the field has also come to be taken seriously. Like Modbus, the S7 protocol has no anti-replay mechanism, so once someone exploits this weakness maliciously in an environment without effective security policies, serious consequences follow, such as the industrial control system's service being stopped or its data being tampered with or lost. To protect the network security of the industrial site, industrial security gateway products (hereinafter "security gateway") such as industrial firewalls and industrial audit devices have appeared. The essential difference between an industrial security gateway and a traditional one is that the industrial gateway has to recognise, detect, deeply parse and process many more industrial protocols. The protocol parsing function of a security gateway can recognise and process the S7 protocol so that illegal control instructions cannot reach the industrial control equipment, which blocks malicious control attacks.
However, the S7 parsing function of a security gateway is not always reliable. Once the function fails or recognition is inaccurate, the industrial control network carries a large hidden safety risk, the plant's interests may be harmed and even personal safety endangered. To reduce this risk, the validity of the security gateway's deep S7 parsing function has to be verified.
The most common verification method at present is to use a protocol simulator to configure a client-server simulation environment. Although easy to operate, it is not a professional verification tool: the simulator only supports a handful of secondary functions of the Job function class, does not support the extended functions of the S7 protocol, supports few protocol functions for verification, has low verification efficiency and insufficient breadth and depth, and so offers relatively weak support for protocol verification. Another common method is to replay captured S7 protocol traffic with a traffic playback tool. This can verify more protocol functions, but its deep verification of the address domain and the value domain is seriously insufficient, so it cannot effectively support verification of the security gateway's parsing function. In short, the existing means of verifying the S7 parsing function of a security gateway do not meet the requirement: no technique currently supports comprehensive, deep and efficient verification of that function.
Disclosure of Invention
The main object of the invention is to provide a security gateway parsing function verification method, device, terminal device and storage medium, to solve the technical problem that existing verification of a security gateway's S7 parsing function does not meet the requirement.
To achieve the above object, the invention provides a security gateway parsing function verification method, comprising:
acquiring the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information;
and performing multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result.
Optionally, the step of performing multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and the pre-built protocol parsing function verification tool comprises:
according to the function information, sending a corresponding function verification request to a programmable logic controller through the pre-built protocol parsing function verification tool;
intercepting and parsing the function verification request with the security gateway to obtain a corresponding request result;
and verifying the protocol parsing function of the security gateway against the request result to obtain a corresponding verification result.
Optionally, the protocol data unit type information comprises task (Job) function information and/or user data function information; the task function information comprises task primary function information and/or task secondary function information; the user data function information comprises user data primary function information and/or user data secondary function information; the verification functions of the pre-built protocol parsing function verification tool comprise task function verification, user data function verification and custom function verification; and the step of sending the corresponding function verification request to the programmable logic controller through the tool according to the function information comprises:
if the function information is task primary function information, task secondary function information and/or parameter information, sending the corresponding function verification request to the programmable logic controller through the task function verification of the pre-built tool;
if the function information is user data primary function information, user data secondary function information and/or parameter information, sending the corresponding function verification request to the programmable logic controller through the user data function verification of the pre-built tool;
and if the function information is task function information and/or user data function information, sending the corresponding function verification request to the programmable logic controller through the custom function verification of the pre-built tool.
Optionally, the step of verifying the protocol parsing function of the security gateway against the request result comprises:
verifying the protocol parsing function of the security gateway according to the request result;
if the request result is consistent with the request that was sent, recording the verification result "accurate";
and if the request result is inconsistent with the request, recording the verification result "cannot parse" or "inaccurate".
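The three-way result above (accurate / inaccurate / cannot parse), driven across the address domain and the value domain rather than over a single captured packet, as an added example in Python that is not code from the patent or its assignee: the function verification requests are generated from a small sweep matrix and each is compared with the record the gateway reports for it. The gateway here is a constructed mock with two deliberate defects so that the verdict logic has something to find; the Job function codes and area codes are an assumption taken from the open-source Wireshark s7comm dissector, not from the patent's figures 7 and 8, which this page does not reproduce.

```python
from itertools import product

# Sweep dimensions. Assumption: Job function codes 0x04/0x05 and the area codes
# follow the open-source Wireshark s7comm dissector; the patent's own function
# code tables (figs. 7 and 8) are not reproduced on this page.
JOB_FUNCTIONS = {0x04: "Read Var", 0x05: "Write Var"}
AREAS = {0x81: "I", 0x82: "Q", 0x83: "M", 0x84: "DB"}
# Address-domain sweep: S7 addresses are 24-bit bit addresses (byte address * 8),
# so the last two entries need the third address byte.
BYTE_ADDRESSES = [0, 10, 255, 8192, 65536]
# Value-domain sweep for Write Var.
VALUES = [b"\x00", b"\x7f", b"\xff", b"\x12\x34"]


def build_requests():
    """Function verification requests as the tool would issue them:
    one record per (function, area, address[, value]) combination."""
    requests = []
    for fc, area, addr in product(JOB_FUNCTIONS, AREAS, BYTE_ADDRESSES):
        base = {"function": JOB_FUNCTIONS[fc], "area": AREAS[area], "byte_addr": addr}
        if fc == 0x05:
            requests.extend(dict(base, value=v) for v in VALUES)
        else:
            requests.append(base)
    return requests


def mock_gateway_parse(request):
    """Constructed stand-in for the parse record the security gateway produces
    (hypothetical, not any real product). Two deliberate defects: it only knows
    areas M and DB, and it keeps just the low 16 bits of the 24-bit bit address,
    so byte addresses from 8192 upwards wrap around."""
    if request["area"] not in ("M", "DB"):
        return None                                   # nothing logged: cannot parse
    bit_addr = (request["byte_addr"] * 8) & 0xFFFF    # the address defect
    record = {"function": request["function"], "area": request["area"],
              "byte_addr": bit_addr // 8}
    if "value" in request:
        record["value"] = request["value"]
    return record


def verdict(request, record):
    """Compare what was sent with what the gateway parsed:
    'accurate', 'inaccurate' (with the mismatching fields) or 'cannot parse'."""
    if record is None:
        return "cannot parse", []
    bad = sorted(k for k in request if record.get(k) != request[k])
    return ("accurate" if not bad else "inaccurate"), bad


def run_verification(requests, gateway=mock_gateway_parse):
    """Run the whole matrix; return a count per verdict and the failing cases."""
    summary = {"accurate": 0, "inaccurate": 0, "cannot parse": 0}
    failures = []
    for request in requests:
        v, bad = verdict(request, gateway(request))
        summary[v] += 1
        if v != "accurate":
            failures.append({"request": request, "verdict": v, "fields": bad})
    return summary, failures


def failing_values(failures, field):
    """Which values of one sweep dimension the gateway parsed wrongly."""
    return sorted({f["request"][field] for f in failures if field in f["fields"]})


if __name__ == "__main__":
    summary, failures = run_verification(build_requests())
    print(summary)
    print("areas not parsed:",
          sorted({f["request"]["area"] for f in failures if f["verdict"] == "cannot parse"}))
    print("addresses mis-parsed:", failing_values(failures, "byte_addr"))
```

Against a real gateway, `mock_gateway_parse` would be replaced by a function that sends the request towards the PLC and reads back the gateway's parse log or API; the point of the matrix is that a wrapped address or an unknown area shows up as a specific dimension value, which a replayed capture of one address would never exercise.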
Optionally, before the step of acquiring the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information, the method further comprises:
constructing a protocol communication simulation environment;
obtaining a protocol parsing result in the protocol communication simulation environment;
and constructing the pre-built protocol parsing function verification tool according to the protocol parsing result.
Optionally, the step of obtaining a protocol parsing result in the protocol communication simulation environment comprises:
acquiring S7 protocol communication data in the protocol communication simulation environment;
and parsing the S7 protocol communication data function by function to obtain the protocol parsing result, which comprises the data of the different functions.
Optionally, the step of constructing the pre-built protocol parsing function verification tool according to the protocol parsing result comprises:
coding according to the data of the different functions in the protocol parsing result, and building the protocol parsing function verification tool on a browser/server (B/S) architecture.
In addition, to achieve the above object, the invention further provides a security gateway parsing function verification apparatus, comprising:
an acquisition module for acquiring the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information;
and a verification module for performing multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result.
In addition, to achieve the above object, the invention further provides a terminal device comprising a memory, a processor and a security gateway parsing function verification program stored in the memory and runnable on the processor, the program implementing, when executed by the processor, the steps of the security gateway parsing function verification method described above.
In addition, to achieve the above object, the invention also provides a computer-readable storage medium storing a security gateway parsing function verification program which, when executed by a processor, implements the steps of the security gateway parsing function verification method described above.
The embodiments of the invention provide a method, a device, a terminal device and a storage medium for verifying the parsing function of a security gateway. The method comprises acquiring the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information, and performing multi-dimensional verification of the security gateway's protocol parsing function according to that information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result. The acquired PDU type information and/or parameter information selects the function in the pre-built tool, which then verifies the gateway's protocol parsing function in several dimensions. This verifies the validity of the parsing function, greatly improves the verification effect, lets problems in the gateway's parsing function be found in time, promotes the improvement and optimisation of the gateway's deep protocol parsing, raises its parsing capability and overall technical level, and so safeguards the security of the industrial site network.
Drawings
FIG. 1 is a schematic overall flow diagram of the prior-art verification in which a protocol simulator configures a client-server simulation environment;
FIG. 2 is a schematic overall flow diagram of the prior-art verification method of replaying S7 data traffic with a traffic playback tool;
FIG. 3 is a schematic diagram of the functional modules of the terminal device to which the security gateway parsing function verification apparatus of the invention belongs;
FIG. 4 is a flowchart of the security gateway parsing function verification method according to a first exemplary embodiment of the invention;
FIG. 5 is a flowchart of the security gateway parsing function verification method according to a second exemplary embodiment of the invention;
FIG. 6 is a flowchart of the security gateway parsing function verification method according to a third exemplary embodiment of the invention;
FIG. 7 is a diagram of the task primary functions, task secondary functions and function code table in an embodiment of the security gateway parsing function verification method of the invention;
FIG. 8 is a diagram of the user data primary functions, user data secondary functions and function code table in an embodiment of the security gateway parsing function verification method of the invention;
FIG. 9 is a flowchart of the security gateway parsing function verification method according to a fourth exemplary embodiment of the invention;
FIG. 10 is a diagram of the protocol communication simulation environment in an embodiment of the security gateway parsing function verification method of the invention;
FIG. 11 is a flowchart of the security gateway parsing function verification method according to a fifth exemplary embodiment of the invention;
FIG. 12 is a diagram of an S7 protocol data frame in an embodiment of the security gateway parsing function verification method of the invention;
FIG. 13 is a schematic overall flow diagram of an embodiment of the security gateway parsing function verification method of the invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiments of the invention is as follows: acquire the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information; and perform multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result. The acquired PDU type information and/or parameter information selects the function in the pre-built tool, which then verifies the gateway's protocol parsing function in several dimensions. This verifies the validity of the parsing function and solves the problems of the prior art, namely the few verification means, low verification efficiency and low verification accuracy for a security gateway's protocol parsing function. It greatly improves the verification effect, helps problems in the parsing function to be found in time, promotes the improvement and optimisation of the gateway's deep protocol parsing, raises its parsing capability and overall technical level, and so safeguards the security of the industrial site network.
The technical terms related to the embodiment of the invention are as follows:
Programmable Logic Controller (PLC): a digital controller with a microprocessor used for automatic control, which loads control instructions into memory for storage and execution.
S7 (S7 Communication, S7comm, S7): a proprietary protocol designed by Siemens for communication between Siemens PLCs and between a Supervisory Control And Data Acquisition (SCADA) system and the PLCs. Modbus differs in that it has a published official communication specification (a public protocol) against which developers can build; S7 has no public documentation and no official terminology and is therefore called a proprietary protocol. In recent years several open-source projects, such as Snap7 and the S7 Wireshark dissector, have let developers study the S7 protocol, so understanding of it has deepened. The S7 protocol structure is divided into Header, Parameter and Data.
Protocol Data Unit (PDU): the unit of data passed between peer layers. In the Open Systems Interconnection (OSI) model, for example, each layer of the transmission system has its own PDU: the physical layer's PDU is the bit, the data link layer's the frame, the network layer's the packet, the transport layer's the segment, and the higher layers' the message. The S7 Communication PDU consists of three parts: Header, Parameter and Data.
Header: descriptive information about the data, including length fields, the PDU reference and the message type constant; most importantly it indicates the PDU type.
Parameter: different PDU types carry different kinds of parameters.
Data: an optional field carrying payload such as memory values, block code or firmware data. It depends on the function, for example reading the CPU model or writing data into a CPU memory area; in a read request this part carries no data.
STEP 7: software for programming, monitoring and parametrising SIMATIC S7, M7, C7 and PC-based WinAC, and an important component of the SIMATIC industrial software. It is the standard software for creating programmable logic control programs for SIMATIC S7-300/400 stations and supports programming in ladder logic, function block diagram and statement list.
Wireshark: Wireshark (formerly Ethereal) is network packet analysis software; its function is to capture network packets and display their contents in as much detail as possible. Wireshark captures through libpcap (WinPcap, now Npcap, on Windows), exchanging packets directly with the network interface.
TPKT (Transport Service on top of TCP): the transport service on top of TCP, sitting between TCP and COTP and belonging to the transport-service class of protocols. It bridges the upper COTP and the lower TCP; its content includes the length of the upper-layer protocol packet. It is usually sent together with COTP as a header section.
COTP (Connection-Oriented Transport Protocol): corresponds to the OSI transport layer. Its transmission is connection-oriented, so, as with the TCP handshake, a connection must be set up before data is transferred. Its role is to define the basic unit of data transmission, that is, the PDU type in S7comm.
C/S architecture (Client/Server): the client program submits the user's request to the server program and shows the user the returned result in a specific form; the server program receives the client's service request, processes it and returns the result to the client.
B/S architecture (Browser/Server): the network architecture that arose with the Web. The web browser is the main client application. B/S works by browser request and server response; it unifies the client and concentrates the core of the system's functions on the server, which simplifies development, maintenance and use.
The embodiments of the invention take account of the prior art for verifying a security gateway's parsing function. Currently the most common method is to use a protocol simulator to configure a client-server simulation environment. For example, the Snap7 protocol simulator (client) is used to establish communication with the PLC (server); the security gateway is then deployed in the communication path, various functions are initiated towards the PLC through Snap7, and the protocol parsing capability of the security gateway is verified after the traffic has passed through it. As shown in fig. 1, a schematic overall flow diagram of verification with a protocol simulator configuring a client-server simulation environment, the flow is as follows:
First, the policy is deployed: an S7 protocol parsing policy is deployed on the security gateway, which then waits for verification.
Then the environment is configured: the Snap7 simulator is started, a simulator-PLC (client-server) simulation environment is configured, and the security gateway is deployed between the two on the communication network.
Then the function is verified: Snap7 initiates the corresponding function request. Taking "0x05 Write Var" as an example, the simulator issues the command; in the data frame the 1st byte "0x05" indicates "Write Var", the 11th byte indicates the memory area written to, the 12th to 14th bytes the address written to, the 17th byte the type of the written data and the 20th byte the data itself. When the command sent by the simulator passes through the security gateway, the parsing rule is triggered, and the parsing result on the security gateway is checked against the meaning of the instruction that was sent.
Although configuring a client-server simulation environment with a protocol simulator is convenient, the supported protocol functions are few: only basic CPU functions such as read and write (0x04, 0x05) and some CPU operation instructions (0x00, 0xF0) are provided, the extended functions of the S7 protocol are not simulated, and the simulator is not a professional verification tool, so verification efficiency, breadth and depth are insufficient and protocol verification is only weakly supported.
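The frame layout behind the byte offsets quoted in the Write Var example, that is TPKT, COTP and the S7comm Header/Parameter/Data structure from the term definitions above, as an added example that is not part of the patent: a Python builder and decoder for Read Var / Write Var Job requests, where the decoder stands in for the gateway's deep parsing and returns the fields the verification compares. The field layout and constants are an assumption taken from the open-source Wireshark s7comm dissector, since the patent's fig. 12 is not reproduced on this page; DB1 byte 10 and the value 0x1234 are constructed sample input.

```python
import struct

# Constants as decoded by the open-source Wireshark s7comm dissector (assumption:
# the patent's fig. 12 frame layout is not reproduced on this page).
TPKT_VERSION = 0x03
COTP_DT = 0xF0          # COTP "Data" PDU type
S7_PROTOCOL_ID = 0x32
ROSCTR_JOB = 0x01
AREAS = {"I": 0x81, "Q": 0x82, "M": 0x83, "DB": 0x84}
AREA_NAMES = {v: k for k, v in AREAS.items()}
JOB_FUNCTIONS = {0x04: "Read Var", 0x05: "Write Var"}


def build_var_item(area, db, byte_addr, count):
    """12-byte 'Any' pointer item: var spec, item length, syntax id, transport
    size BYTE (0x02), repetition count, DB number, area, 24-bit bit address."""
    return struct.pack(">BBBBHHB", 0x12, 0x0A, 0x10, 0x02, count, db,
                       AREAS[area]) + (byte_addr * 8).to_bytes(3, "big")


def build_s7_job(function, items, data=b"", pdu_ref=1):
    """Wrap an S7comm Job PDU in COTP DT and TPKT, as it travels over TCP port 102."""
    param = bytes([function, len(items)]) + b"".join(items)
    header = struct.pack(">BBHHHH", S7_PROTOCOL_ID, ROSCTR_JOB, 0x0000, pdu_ref,
                         len(param), len(data))
    s7 = header + param + data
    cotp = bytes([0x02, COTP_DT, 0x80])           # length, PDU type, last-data-unit flag
    tpkt = struct.pack(">BBH", TPKT_VERSION, 0x00, 4 + len(cotp) + len(s7))
    return tpkt + cotp + s7


def build_write_var(area, db, byte_addr, value):
    item = build_var_item(area, db, byte_addr, len(value))
    # data item: return code, transport size BYTE/WORD/DWORD (0x04), length in bits, payload
    data = struct.pack(">BBH", 0x00, 0x04, len(value) * 8) + value
    return build_s7_job(0x05, [item], data)


def build_read_var(area, db, byte_addr, count):
    return build_s7_job(0x04, [build_var_item(area, db, byte_addr, count)])


def parse_s7(frame):
    """Reference decoder playing the role of the gateway's deep parsing.
    Returns the parsed fields, or raises ValueError for what it cannot parse."""
    if len(frame) < 7 or frame[0] != TPKT_VERSION:
        raise ValueError("not a TPKT frame")
    if struct.unpack(">H", frame[2:4])[0] != len(frame):
        raise ValueError("TPKT length does not match frame length")
    cotp_len, cotp_type = frame[4], frame[5]
    if cotp_type != COTP_DT:
        raise ValueError("COTP PDU type 0x%02x is not DT" % cotp_type)
    s7 = frame[5 + cotp_len:]
    if s7[0] != S7_PROTOCOL_ID:
        raise ValueError("not an S7comm PDU")
    rosctr, _, pdu_ref, plen, dlen = struct.unpack(">BHHHH", s7[1:10])
    if rosctr != ROSCTR_JOB:
        raise ValueError("only Job PDUs are handled here")
    param = s7[10:10 + plen]
    data = s7[10 + plen:10 + plen + dlen]
    function = param[0]                               # 1st parameter byte: function code
    if function not in JOB_FUNCTIONS:
        raise ValueError("unknown Job function 0x%02x" % function)
    # Single-item request, counting 1-indexed within the parameter section as the
    # page does: count at bytes 7-8, DB at 9-10, area at 11, address at 12-14.
    count, db, area = struct.unpack(">HHB", param[6:11])
    bit_addr = int.from_bytes(param[11:14], "big")
    record = {"function": JOB_FUNCTIONS[function],
              "area": AREA_NAMES.get(area, "0x%02x" % area),
              "db": db, "byte_addr": bit_addr // 8, "bit": bit_addr % 8,
              "count": count, "pdu_ref": pdu_ref}
    if function == 0x05:
        length_bits = struct.unpack(">H", data[2:4])[0]
        record["value"] = data[4:4 + length_bits // 8]
    return record


if __name__ == "__main__":
    frame = build_write_var("DB", 1, 10, b"\x12\x34")   # constructed sample request
    print(frame.hex())
    print(parse_s7(frame))
```

In a verification run the builder produces the request that the tool sends towards the PLC, and the record returned by `parse_s7` is the expected meaning of that request; the gateway's own parse output is then compared against it field by field, exactly the check the text describes for the Write Var instruction.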
Another common verification method is to replay S7 data traffic with a traffic playback tool, as shown in fig. 2, a schematic overall flow diagram of that method. The flow is as follows:
An S7 protocol parsing policy is deployed on the security gateway, which waits for verification. A large number of packets carrying S7 protocol functions are then captured at the industrial site and sent as requests by the playback tool; the security gateway parses the received requests, which verifies its parsing function. For example, for a 0x05 Write Var, bytes 12, 13 and 14 of the data represent the address of the written data. Replaying the packet checks whether the gateway parses this one piece of data correctly, but the method cannot be used to verify whether other addresses are supported. So although it verifies the gateway's parsing function to some extent, it is insufficient for deep verification of the address domain and the value domain and cannot effectively support verification of the security gateway's parsing function.
In short, the prior art cannot support verification of the security gateway's protocol parsing function in depth, breadth and efficiency at the same time, and the verification effect does not meet the requirement.
Therefore, the embodiments of the application provide a solution: acquire the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information; and perform multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-built protocol parsing function verification tool, to obtain a corresponding verification result. The solution addresses the few verification means, low verification efficiency and low verification accuracy of the prior art for a security gateway's protocol parsing function, greatly improves the verification effect, helps problems in the gateway's parsing function to be found in time and promotes the improvement and optimisation of its deep protocol parsing, raises the gateway's parsing capability and overall technical level, and so safeguards the security of the industrial site network.
Referring to fig. 3, a schematic diagram of the functional modules of the terminal device to which the security gateway parsing function verification apparatus belongs: the apparatus runs on the terminal device, can verify the protocol parsing function of the security gateway in several dimensions and so promote the improvement and optimisation of that function, and can be carried on the terminal device in hardware or in software.
In the embodiments of the invention, the terminal device to which the security gateway parsing function verification apparatus belongs comprises at least an output module 110, a processor 120, a memory 130 and a communication module 140.
The memory 130 stores a security gateway parsing function verification program. The apparatus can acquire the function information to be verified for protocol parsing, the function information comprising protocol data unit type information and/or parameter information, perform multi-dimensional verification of the security gateway's protocol parsing function according to that information and a pre-built protocol parsing function verification tool, and store the resulting verification results and other information in the memory 130. The output module 110 may be a display screen or the like. The communication module 140 may comprise a WiFi module, a mobile communication module, a Bluetooth module and the like, through which the device communicates with external equipment or a server.
When the security gateway parsing function verification program in the memory 130 is executed by the processor, it implements the following steps:
acquiring the function information to be verified in protocol parsing, wherein the function information comprises protocol data unit type information and/or parameter information;
and carrying out multi-dimensional verification on the protocol analysis function of the security gateway according to the function information and a pre-established protocol analysis function verification tool to obtain a corresponding verification result.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
according to the function information, sending a corresponding function verification information request to a programmable logic controller through the pre-established protocol analysis function verification tool;
intercepting and analyzing the function verification information request through a security gateway to obtain a corresponding request result;
and verifying the protocol analysis function of the security gateway according to the request result to obtain a corresponding verification result.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
if the function information is the task primary function information, the task secondary function information and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the task function verification in the pre-established protocol analysis function verification tool;
if the function information is the user data primary function information, the user data secondary function information and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the user data function verification in the pre-established protocol analysis function verification tool;
and if the function information is the task function information and/or the user data function information, sending a corresponding function verification information request to the programmable logic controller through the self-defined function verification in the pre-established protocol analysis function verification tool.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
according to the request result, verifying the protocol analysis function of the security gateway;
if the request result is consistent with the request, obtaining an accurate verification result;
and if the request result is inconsistent with the request, obtaining a verification result which cannot be analyzed or is inaccurate.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
constructing a protocol communication simulation environment;
obtaining a protocol analysis result in the protocol communication simulation environment;
and constructing the pre-established protocol analysis function verification tool according to the protocol analysis result.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
acquiring S7 protocol communication data in the protocol communication simulation environment;
and analyzing the S7 protocol communication data according to different functions to obtain a protocol analysis result, wherein the protocol analysis result comprises different functional data.
Further, the security gateway parsing function verification program in the memory 130 when executed by the processor further implements the steps of:
and coding according to the different function data in the protocol analysis result, and constructing the protocol analysis function verification tool based on a browser/server mode B/S structure.
Based on the above terminal device architecture but not limited to the above architecture, embodiments of the method of the present invention are presented.
Referring to fig. 4, fig. 4 is a flowchart illustrating a security gateway parsing function verification method according to a first exemplary embodiment of the present invention. The security gateway parsing function verification method comprises the following steps:
step S110, acquiring the function information to be verified in protocol parsing, wherein the function information comprises protocol data unit type information and/or parameter information;
specifically, a PDU includes three parts, namely a Header (Header), a Parameter (Parameter) and Data (Data), where the Data (Data) is optional. Taking the S7 protocol as an example, the structure of an S7 PDU differs according to the function implemented; for example, a request data packet contains only a header and a parameter. The header contains length information, the PDU reference and message type constants; the content and structure of the parameters vary greatly according to the message and function type of the PDU; data is an optional field used to carry content such as memory values, block code, firmware data, etc. The header is 10-12 bytes long: the acknowledgement message contains two additional error code bytes, and apart from this the header format is the same across all PDUs. The function information for protocol parsing is acquired to determine the functions to be verified by the pre-established protocol analysis function verification tool, so that the tool can carry out targeted verification as required.
And step S120, performing multidimensional verification on the protocol analysis function of the security gateway according to the function information and a pre-established protocol analysis function verification tool to obtain a corresponding verification result.
Specifically, selecting a pre-established protocol analysis function verification tool according to the function information, and sending a corresponding function verification information request to the programmable logic controller through the pre-established protocol analysis function verification tool; intercepting and analyzing the function verification information request through a security gateway to obtain a corresponding request result; and verifying the protocol analysis function of the security gateway according to the request result to obtain a corresponding verification result.
For example, the user data function verification (primary function) is selected, then Mode-transition (secondary function) is selected, the corresponding parameters are changed, the protocol analysis function of the security gateway is verified, and the analysis result of the security gateway is checked, so that a corresponding verification result is obtained.
According to the scheme, the function information to be verified in protocol parsing is acquired, and the function information comprises protocol data unit type information and/or parameter information; and multi-dimensional verification is carried out on the protocol analysis function of the security gateway according to the function information and a pre-established protocol analysis function verification tool to obtain a corresponding verification result. Based on the scheme, the function needing to be verified is selected on the pre-established protocol analysis function verification tool by obtaining the function information; the pre-established protocol analysis function verification tool sends a corresponding function verification information request to the PLC according to the selected function; a protocol analysis strategy is deployed on the security gateway in advance, so that when the request sent by the tool passes through the security gateway, the protocol analysis function of the security gateway is triggered and the security gateway performs protocol analysis on the passing function verification information request; finally, the request result corresponding to the protocol analysis is presented on the security gateway, the protocol analysis function of the security gateway is verified by checking the request result, and a corresponding verification result is obtained. Multi-dimensional verification of the validity of the protocol analysis function of the security gateway is thereby achieved, which solves the problems in the prior art that the verification means for the protocol analysis function of the security gateway are few, the verification efficiency is low and the verification accuracy is low, greatly improves the effect of verifying the protocol analysis function of the security gateway, helps problems in the protocol analysis function of the gateway to be found in time, promotes deep improvement of the protocol analysis function of the security gateway, and improves the overall technical and security level of the security gateway.
Further, referring to fig. 5, fig. 5 is a flowchart illustrating a security gateway parsing function verification method according to a second exemplary embodiment of the present invention. Based on step S120 in the embodiment shown in fig. 4, the step of performing multidimensional verification on the protocol parsing function of the security gateway according to the function information and the pre-established protocol parsing function verification tool to obtain a corresponding verification result includes:
step S1201, according to the function information, sending a corresponding function verification information request to a programmable logic controller through the pre-established protocol analysis function verification tool;
specifically, based on step S110, the protocol data unit type information includes task function information and/or user data function information, the task function information includes task primary function information and/or task secondary function information, the user data function information includes user data primary function information and/or user data secondary function information, and the verification function of the pre-established protocol parsing function tool includes task function verification, user data function verification, and custom function verification.
After the function information is selected on the pre-established protocol analysis function verification tool, the pre-established protocol analysis function verification tool sends a corresponding function verification information request to the PLC, such as operations of sending a specified function, changing an address domain and a value domain parameter of the function and the like.
Step S1202, intercepting and analyzing the function verification information request through a security gateway to obtain a corresponding request result;
specifically, since the security gateway is deployed in the communication environment in advance, the function verification information request flows through the security gateway after being sent out, the protocol analysis function of the security gateway is triggered, and the security gateway identifies and analyzes the function verification information request to obtain a corresponding request result. The request result is the basis for verifying whether the protocol analysis function of the security gateway is valid.
And step S1203, verifying the protocol analysis function of the security gateway according to the request result to obtain a corresponding verification result.
Specifically, according to the request result, the protocol analysis function of the security gateway is verified; if the request result is consistent with the request, obtaining an accurate verification result; and if the request result is inconsistent with the request, obtaining a verification result which cannot be analyzed or is inaccurate. In other words, the request sent by the pre-established protocol analysis function verification tool and the result analyzed by the security gateway are checked, and whether the protocol analysis function of the security gateway is effective or not is determined according to whether the request sent by the pre-established protocol analysis function verification tool and the result analyzed by the security gateway are consistent or not.
Specifically, if the request result is consistent with the request, an accurate verification result is obtained, which indicates that the security gateway can accurately identify the current function code, the address domain and the value domain, and the security gateway is complete in function, can be normally used, and does not need to be improved.
If the request result is inconsistent with the request, an unresolvable or inaccurate verification result is obtained, and two situations are distinguished. If an unresolvable verification result is obtained from the request result, the security gateway cannot identify the current function code, address domain and value domain at all, which indicates that the protocol deep parsing function of the security gateway needs to be supplemented. If an inaccurate verification result is obtained from the request result, the security gateway recognises the request only partially, for example it can identify the function code but not the deeper address domain and value domain, which indicates that the security gateway needs to improve its protocol deep parsing function to support deeper parsing.
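The three-way classification described in steps S1203 and the two paragraphs above (accurate, unresolvable, inaccurate) is easy to get wrong when the gateway recognises some fields but not others. The following is an added example, not code from the patent or from its applicant's tool, that encodes the comparison exactly as the method states it: the request the tool sent (function code, address domain, value domain) is compared field by field with what the gateway reports having parsed. The `FunctionRequest`/`GatewayParse` types, the DB-style address notation and the Write Var code 0x05 are assumptions of this example (0x05 is the standard S7comm assignment; the page itself only names 0x04 Read Var).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The three levels the method checks, from shallow to deep.
FIELDS = ("function_code", "address", "value")


@dataclass(frozen=True)
class FunctionRequest:
    """The function verification information request as sent by the tool:
    function code plus address domain and value domain (value is None for a read)."""
    function_code: int
    address: str
    value: Optional[bytes] = None


@dataclass(frozen=True)
class GatewayParse:
    """What the gateway's protocol parser reports for the same request.
    A None field means the gateway did not recognise that part of the request."""
    function_code: Optional[int]
    address: Optional[str] = None
    value: Optional[bytes] = None


def verify_parse_result(request: FunctionRequest,
                        parsed: Optional[GatewayParse]) -> Tuple[str, Tuple[str, ...]]:
    """Classify one verification case the way the method does.

    'accurate'     - function code, address domain and value domain all match;
    'unresolvable' - the gateway produced no parse at all (function code unknown);
    'inaccurate'   - the function code was seen but some deeper field differs.
    The second element lists the fields that did not match, so a report can say
    which level of parsing depth the gateway still lacks.
    """
    if parsed is None or parsed.function_code is None:
        return "unresolvable", FIELDS
    mismatched = tuple(f for f in FIELDS
                       if getattr(parsed, f) != getattr(request, f))
    if not mismatched:
        return "accurate", ()
    # A misidentified function code is also reported here rather than as
    # unresolvable: the gateway did parse something, just not correctly.
    return "inaccurate", mismatched


def summarize(cases: List[Tuple[FunctionRequest, Optional[GatewayParse]]]) -> Dict[str, int]:
    """Count verdicts over a batch of cases (one run of the verification tool)."""
    counts = {"accurate": 0, "inaccurate": 0, "unresolvable": 0}
    for request, parsed in cases:
        counts[verify_parse_result(request, parsed)[0]] += 1
    return counts


def sample_cases():
    """Constructed cases (not captured results) using Read Var 0x04 and Write Var 0x05."""
    read_req = FunctionRequest(0x04, "DB1.DBW0")
    write_req = FunctionRequest(0x05, "DB1.DBW2", b"\x00\x2a")
    return [
        (read_req, GatewayParse(0x04, "DB1.DBW0")),   # fully recognised
        (read_req, GatewayParse(0x04, None)),         # code only, address missed
        (write_req, None),                            # gateway produced no parse
    ]


if __name__ == "__main__":
    for req, parsed in sample_cases():
        print(hex(req.function_code), verify_parse_result(req, parsed))
    print(summarize(sample_cases()))
```

Returning the mismatched field names, not just the verdict, is what makes the result actionable: an "inaccurate" verdict with only `address` missing tells the gateway developers exactly which parsing depth to add next.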
According to the scheme, the embodiment specifically sends a corresponding function verification information request to the programmable logic controller through the pre-established protocol analysis function verification tool according to the function information; intercepts and analyzes the function verification information request through the security gateway to obtain a corresponding request result; and verifies the protocol analysis function of the security gateway according to the request result to obtain a corresponding verification result. Based on the scheme, after the function information is selected on the pre-established protocol analysis function verification tool, the tool sends a corresponding function verification information request to the PLC, and the security gateway receives the function verification information request, identifies the request, analyzes the protocol and obtains a corresponding request result. The request result is compared with the issued function verification information request to judge whether the two are consistent: if they are consistent, an accurate verification result is obtained, which shows that the protocol analysis function of the security gateway is complete and no improvement is needed; if they are inconsistent, an unresolvable or inaccurate verification result is obtained, which indicates that the protocol analysis function of the security gateway is incomplete and further optimization and improvement are needed.
According to the scheme, depth and accuracy verification of the protocol analysis function of the security gateway is realized, and whether the protocol analysis function of the security gateway is effective is determined, so that possible problems of the security gateway can be found in time and targeted response measures taken, the deep analysis capability of the security gateway for the protocol is improved, potential safety hazards to the industrial control network caused by such parsing deficiencies can be eliminated as early as possible, the network safety of the industrial control network is maintained, and the smooth proceeding of industrial production is guaranteed.
Further, referring to fig. 6, fig. 6 is a flowchart illustrating a security gateway parsing function verification method according to a third exemplary embodiment of the present invention. Based on step S1201 in the embodiment shown in fig. 5, the protocol data unit type information includes task function information and/or user data function information, the task function information includes task primary function information and task secondary function information, the user data function information includes user data primary function information and user data secondary function information, the verification function of the pre-established protocol parsing function tool includes task function verification, user data function verification and custom function verification, and the step of sending a corresponding function verification information request to the programmable logic controller through the pre-established protocol parsing function verification tool according to the function information includes:
step S12011, if the function information is the task primary function information, the task secondary function information, and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the task function verification in the pre-established protocol analysis function verification tool;
specifically, the determination of the function information is selected from the pre-established protocol parsing function verification tool, and the selected function information determines the corresponding function in the pre-established protocol parsing function verification tool. For example, selecting the task primary function information, the task secondary function information and adjusting the key parameter data amount (Item count) and the data content (Item), the task function verification in the pre-established protocol parsing function verification tool is used.
Taking the S7 protocol as an example, referring to fig. 7, fig. 7 is a table of task primary functions, task secondary functions and function codes. As shown in fig. 7, the task primary function (Job function) includes 11 task secondary functions (subfunctions), and each task secondary function has a corresponding function code. The task function verification in the pre-established protocol analysis function verification tool performs deep verification on task function information and is used to verify all task function verification information requests sent to the PLC by the master device, so as to verify the breadth and depth of the security gateway's analysis capability for the protocol.
Taking 0x04 (Read variable) as an example, on the pre-built protocol parsing function verification tool the task primary function (Job function) is selected first, then the Read variable (Read Var) secondary function, and the key parameters data amount (Item Count) and data content (Item) are adjusted arbitrarily to verify the protocol parsing function of the security gateway.
Step S12012, if the function information is the user data primary function information, the user data secondary function information, and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the user data function verification in the pre-established protocol analysis function verification tool;
specifically, since the selected function information determines the corresponding function in the pre-established protocol parsing function verification tool, when the function information is the user data primary function information, the user data secondary function information and/or the parameter information, the user data function verification in the pre-established protocol parsing function verification tool is used.
Taking the S7 protocol as an example, referring to fig. 8, fig. 8 is a user data primary function, a user data secondary function, and a function code table, as shown in fig. 8, the user data primary function (Userdata function) belongs to an extended function of the protocol, and includes 9 user data secondary functions, each user data secondary function has a corresponding function code, and the user data function verification in the pre-established protocol analysis function verification tool is to perform deep verification on user data function information, and is used for sending a user data function information request to the PLC, so as to verify the breadth and deep analysis capability of the security gateway on the protocol.
For example, a user data primary function (Userdata function) is selected on the pre-established protocol parsing function verification tool, then a conversion operation Mode-transition (secondary function) is selected, and the key parameter data amount (Item Count) and the data content (Item) are arbitrarily adjusted to verify the protocol parsing function of the security gateway.
Step S12013, if the function information is the task function information and/or the user data function information, sending a corresponding function verification information request to the programmable logic controller through the custom function verification in the pre-established protocol parsing function verification tool.
Specifically, in addition to the task function verification in the pre-built parsing function verification tool mentioned in step S12011 and the user data function verification in the pre-built parsing function verification tool mentioned in step S12012, the functions of the tool also include the custom function verification, which is a supplement to the above two functions, and by this function, the user can quickly verify the validity of the protocol parsing function of the security gateway by only adjusting any function to be verified and sending a corresponding function verification information request.
For example, in order to accelerate the verification efficiency, the function is used for directly sending all functional verification information requests including a task function and a user data function to the PLC, and the security gateway carries out protocol analysis after receiving the requests, so that the analysis capability of the security gateway is rapidly verified, and the verification efficiency is greatly improved.
According to the scheme, if the function information is the task primary function information, the task secondary function information and/or the parameter information, the task function verification in the pre-established protocol analysis function verification tool is used for sending a corresponding function verification information request to the programmable logic controller; if the function information is the user data primary function information, the user data secondary function information and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the user data function verification in the pre-established protocol analysis function verification tool; and if the function information is the task function information and/or the user data function information, sending a corresponding function verification information request to the programmable logic controller through the self-defined function verification in the pre-established protocol analysis function verification tool. Based on the scheme, the content of the function information is determined, the function needing to be verified is selected on the pre-established protocol analysis function verification tool, the parameters are adjusted, and the task function verification, the user data function verification or the user-defined function verification on the tool are utilized to send a corresponding verification function information request to the PLC, so that the industrial protocol verification breadth of the security gateway is improved by at least 50%, the depth is improved by at least 100%, and the verification efficiency is improved by 40%.
Further, referring to fig. 9, fig. 9 is a flowchart illustrating a security gateway parsing function verification method according to a fourth exemplary embodiment of the present invention. Based on step S110 in the embodiment shown in fig. 4, before the step of acquiring the function information to be verified in protocol parsing, where the function information includes protocol data unit type information and/or parameter information, the method further includes:
step S80, constructing a protocol communication simulation environment;
specifically, as shown in fig. 10, fig. 10 is a schematic diagram of a protocol communication simulation environment of the security gateway parsing function verification method of the present invention. The protocol communication simulation environment is an environment which is established for conveniently verifying the effectiveness of the protocol analysis capability of the security gateway and comprehensively and truly restores the communication between the client and the server, and is established based on the unilateral communication mode of the client/the server.
Taking S7 protocol communication as an example, the client/server-based unilateral communication mode is the more commonly used of the two modes supported by S7 protocol communication. The two modes supported by S7 protocol communication are: 1) client/server-based unilateral communication, in which only the client side needs to be configured and programmed, and the server (PLC) side only needs to have its data ready for access; common clients include human-machine interfaces (HMI) and programming computers (PG/PC). 2) The partner/partner communication mode, which is bilateral communication, is less commonly used and is not described further here.
The protocol communication simulation environment is constructed by using upper computer programming software STEP 7 software, a switch, a PLC and an industrial instrument. STEP 7 has the following functions: hardware configuration and parameter settings, communication configuration, programming, testing, startup and maintenance, documentation, operational and diagnostic functions, etc. By utilizing the function of STEP 7 software, the efficiency of all automation tasks can be effectively improved. In the protocol communication simulation environment, STEP 7 is used as client software in a unilateral communication mode of protocol communication, namely as a software tool at one end of communication with the PLC.
In addition, it should be noted that the PLC may be of any type of the Siemens S300 or S1200 series. For example, a communication simulation environment can be constructed using the upper computer programming software STEP 7, a switch, a Siemens S300 and industrial instrumentation.
Step S90, obtaining a protocol analysis result in the protocol communication simulation environment;
specifically, the traffic capture tool Wireshark is deployed on the upper computer in the protocol communication simulation environment, and protocol communication data is acquired through Wireshark; the protocol communication data is then deeply analyzed according to the different functions to obtain a protocol analysis result, wherein the protocol analysis result comprises the different function data and is used to form the protocol function verification tool.
Taking S7 as an example, capturing S7 protocol communication data through Wireshark in the upper computer, performing deep analysis on the acquired S7 protocol according to different functions to obtain an S7 protocol analysis result, and forming an S7 protocol analysis function verification tool according to the obtained result.
Step S100, constructing the pre-established protocol analysis function verification tool according to the protocol analysis result.
Specifically, a Python tool is used for coding and reconstructing analysis results of protocol communication data according to different functional data, so that a set of automatic and extensible pre-established protocol analysis function verification tool is formed. The verification functions of the pre-built protocol analysis function tool comprise task function verification, user data function verification and user-defined function verification, and the functions provide a faster and more effective verification function. The task function verification is to verify all functions of a task function verification information request sent by the main equipment, and verify the breadth and the depth analysis capability of the security gateway to the protocol; the user data function verification is an extended function of a verification protocol, so that the breadth and depth resolution capability of the security gateway on the protocol are verified; the custom function verification is to accelerate the verification efficiency, only needs to adjust any function needing verification, and sends a request by one key to quickly verify the analysis capability of the security gateway.
According to the scheme, the protocol communication simulation environment is constructed; obtaining a protocol analysis result in the protocol communication simulation environment; and constructing the pre-established protocol analysis function verification tool according to the protocol analysis result. Based on the scheme, the protocol communication simulation environment is established in a client/server-based unilateral communication mode, in the protocol communication simulation environment, protocol communication data are obtained through Wireshark in a deployed upper computer and are subjected to protocol analysis, an analysis result is obtained, a Python tool is used for compiling the analysis result of the protocol communication data according to different functional data to form a protocol analysis function verification tool, the protocol analysis function verification tool is established, and conditions are provided for subsequent verification of the protocol analysis capability of the security gateway. The tool has three optional verification functions, can comprehensively and deeply analyze the protocol, provides a comprehensive protocol verification function, not only aims at certain functions but also can verify all protocol analysis functions of the security gateway, and compared with the prior art, the breadth, the depth and the efficiency of verification are greatly improved.
Further, referring to fig. 11, fig. 11 is a flowchart of a security gateway parsing function verification method according to a fifth exemplary embodiment of the present invention. Based on step S90 in the embodiment shown in fig. 9, the step of obtaining a protocol parsing result in the protocol communication simulation environment includes:
Step S901, acquiring S7 protocol communication data in the protocol communication simulation environment;
Specifically, the protocol communication data is the communication between STEP 7 and the PLC. It must be acquired because the protocol parsing function verification tool is compiled according to the rules of the different function data obtained by parsing that data. The data is obtained mainly by deploying the traffic capture tool Wireshark on the upper computer and capturing the protocol communication traffic with it.
Taking the S7 protocol as an example, in the protocol communication simulation environment the S7 protocol communication data between STEP 7 and the PLC is captured with the Wireshark tool on the upper computer.
Step S902, parsing the S7 protocol communication data according to the different functions to obtain a protocol parsing result, wherein the protocol parsing result comprises the different function data.
Specifically, since the protocol parsing result is used to construct the protocol parsing function verification tool, the captured protocol communication data must be parsed in depth to obtain a parsing result that contains the different function data.
Taking the S7 protocol as an example: S7 is a proprietary protocol whose data frame is divided into three parts at the application layer, namely TPKT, COTP and S7 Communication. The TPKT and COTP structures are relatively simple, so the analysis focuses on the S7 Communication layer. Taking the analysis of one function as an example, fig. 12 shows an S7 protocol data frame: byte 1 is the protocol constant (Protocol ID) and is always 0x32; byte 2 is the message type (ROSCTR, PDU Type), which controls the S7 request type (primary function, either a Job function or a Userdata function); bytes 3 and 4 are the redundancy identification (Reserved), always 0x0000 and may be ignored; bytes 5 and 6 are the protocol data unit reference (PDU reference) generated by the master station, incremented for each new transmission and used to link responses to their requests; bytes 7 and 8 are the Parameter Length, the length of the parameter field; bytes 9 and 10 are the Data Length, the length of the data field; byte 11 is the Function Code, indicating the function of the control request (secondary function); byte 12 is the Item Count; the data content (Items) follows.
In the deep analysis, a fixed-variable method is used: first the Function Code is held fixed, and the value ranges and value types of the parameters such as Item Count and Item are analyzed. This analysis yields, for example, that Item Count ranges over 0-M and the data type within Item ranges over 0-N (a data type of 1 denoting one type and 2 another), from which the value rules of all parameters under the current Function Code are summarized. The Function Code is then changed and the value ranges, value types and so on of the other parameters under the new Function Code are analyzed in the same way, until the rule for every Function Code has been summarized; together these form the protocol parsing result.
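As an added illustration (not the patent's Python tool), the following decodes S7 Communication frames with the byte layout listed above and then performs the fixed-variable summary: grouping captured frames by Function Code and recording the observed Item Count range and item types. The S7ANY item layout, the Job function code names and the capture itself are assumptions constructed for the example.

```python
import struct

S7_PROTOCOL_ID = 0x32
# ROSCTR / PDU type values; Job and Userdata are the two primary functions named above
ROSCTR_NAMES = {0x01: "Job", 0x02: "Ack", 0x03: "Ack_Data", 0x07: "Userdata"}
# Job function codes (secondary function); standard S7comm values, assumed here
FUNCTION_NAMES = {0x04: "Read Var", 0x05: "Write Var"}
ITEM_LEN = 12  # length of one S7ANY address item (assumed standard layout)


class S7Error(ValueError):
    """Raised when a frame does not match the layout described in the text."""


def parse_s7_frame(frame: bytes) -> dict:
    """Split an S7 Communication PDU into header fields, function code and items."""
    if len(frame) < 10:
        raise S7Error("frame shorter than the 10-byte S7 header")
    proto_id, rosctr, reserved, pdu_ref, param_len, data_len = struct.unpack(
        ">BBHHHH", frame[:10])
    if proto_id != S7_PROTOCOL_ID:
        raise S7Error(f"protocol id 0x{proto_id:02x} is not 0x32")
    pdu = {
        "rosctr": rosctr,
        "rosctr_name": ROSCTR_NAMES.get(rosctr, "unknown"),
        "reserved": reserved,
        "pdu_ref": pdu_ref,
        "function_code": None,
        "items": [],
    }
    if rosctr != 0x01:
        # Userdata PDUs carry a different parameter layout and Ack_Data adds two
        # error bytes to the header; only the common header is decoded for them.
        return pdu
    if 10 + param_len + data_len != len(frame):
        raise S7Error("parameter/data lengths do not match the frame size")
    params = frame[10:10 + param_len]
    if len(params) < 2:
        raise S7Error("Job parameter field lacks function code / item count")
    pdu["function_code"] = params[0]
    item_count = params[1]
    if len(params) != 2 + item_count * ITEM_LEN:
        raise S7Error("item count does not match the parameter length")
    for i in range(item_count):
        start = 2 + i * ITEM_LEN
        pdu["items"].append(parse_item(params[start:start + ITEM_LEN]))
    return pdu


def parse_item(item: bytes) -> dict:
    """Decode one S7ANY item: transport size, count, DB number, area and address."""
    spec, spec_len, syntax, tsize, count, db, area = struct.unpack(">BBBBHHB", item[:9])
    if (spec, spec_len, syntax) != (0x12, 0x0A, 0x10):
        raise S7Error("unsupported item specification")
    addr = int.from_bytes(item[9:12], "big")  # bit address = byte * 8 + bit
    return {"transport_size": tsize, "count": count, "db": db, "area": area,
            "byte_addr": addr >> 3, "bit_addr": addr & 0x7}


def summarize_by_function(frames) -> dict:
    """Fixed-variable analysis: hold the Function Code fixed and collect the
    observed value ranges of Item Count and the item types across a capture."""
    summary = {}
    for frame in frames:
        pdu = parse_s7_frame(frame)
        fc = pdu["function_code"]
        if fc is None:
            continue  # non-Job PDU, no Job function code to group by
        n = len(pdu["items"])
        entry = summary.setdefault(fc, {
            "name": FUNCTION_NAMES.get(fc, "unknown"),
            "item_count_range": [n, n], "areas": set(), "transport_sizes": set()})
        entry["item_count_range"] = [min(entry["item_count_range"][0], n),
                                     max(entry["item_count_range"][1], n)]
        for it in pdu["items"]:
            entry["areas"].add(it["area"])
            entry["transport_sizes"].add(it["transport_size"])
    return summary


def s7any(tsize, count, db, area, byte_addr, bit_addr=0):
    """Encode one S7ANY item (used only to build the constructed capture below)."""
    return struct.pack(">BBBBHHB", 0x12, 0x0A, 0x10, tsize, count, db, area) + \
        ((byte_addr << 3) | bit_addr).to_bytes(3, "big")


def job_frame(pdu_ref, fc, items, data=b""):
    """Assemble a Job PDU from raw items (constructed test input, not sent anywhere)."""
    params = bytes([fc, len(items)]) + b"".join(items)
    header = struct.pack(">BBHHHH", S7_PROTOCOL_ID, 0x01, 0, pdu_ref, len(params), len(data))
    return header + params + data


# Constructed capture standing in for Wireshark output: two reads and one write
SAMPLE_FRAMES = [
    job_frame(1, 0x04, [s7any(0x02, 1, 1, 0x84, 0), s7any(0x04, 2, 1, 0x84, 8)]),
    job_frame(2, 0x05, [s7any(0x02, 1, 1, 0x84, 2)], data=bytes([0x00, 0x04, 0x00, 0x08, 0xAA])),
    job_frame(3, 0x04, [s7any(0x02, 4, 0, 0x83, 0)]),
]
```

Calling `summarize_by_function(SAMPLE_FRAMES)` gives one entry per Function Code with the item count range and the set of areas and transport sizes seen, which is the rule the text summarizes for each code.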
In this embodiment, taking the S7 protocol as an example, the S7 protocol communication data is obtained in the protocol communication simulation environment, and the S7 protocol communication data is parsed according to the different functions to obtain a protocol parsing result that comprises the different function data. The S7 protocol communication data is captured with the Wireshark tool on the upper computer and then parsed, which prepares the data for subsequent integration into the protocol parsing function verification tool.
Further, based on step S100 in the embodiment shown in fig. 9, the step of constructing the pre-built protocol parsing function verification tool according to the protocol parsing result includes:
Step S1001, coding according to the different function data in the protocol parsing result, and constructing the protocol parsing function verification tool on a browser/server (B/S) structure.
Specifically, the B/S structure is an improvement of the C/S structure. Conventional C/S (client/server) software is divided into two layers, client and server: the first layer integrates presentation and business logic on the client system, and the second layer integrates the database server over the network.
The B/S structure improves on this and can be regarded as a three-layer C/S architecture. It mainly relies on the continuously maturing WWW browser technology, realizing with a general-purpose browser the powerful functions that originally required complex special-purpose software, which saves development cost and constitutes a new way of building software systems.
The difference between the B/S and C/S architectures is that the B/S architecture has three layers:
The first layer is the browser (i.e. the client), which has only simple input and output functions and handles a very small part of the transaction logic. Because no client software needs to be installed and a browser suffices, it suits a wide range of users, and the interface design is simple and universal.
The second layer is the WEB server, which plays the role of information transfer. When a user wants to access the database, a request is first sent to the WEB server; the WEB server unifies the requests and forwards the database access request, implemented as SQL statements, to the database server.
The third layer is the database server, which holds large amounts of data. When it receives the request from the WEB server, it processes the SQL statement and returns the result to the WEB server, which converts the received data into HTML and sends it to the browser.
The C/S structure suits a local area network, has high requirements on network speed, and its client interface lacks universality: when the service changes, the interface must be changed and rewritten. The B/S structure suits the vast internet in a wide area network or even a global network, has strong information sharing and low requirements on network speed; no client needs to be installed, and pages can be browsed anytime and anywhere with an internet connection; the browser handles only some simple logic, so its burden is small; data is stored centrally in the database server, so data inconsistency does not arise; the data platform and the management access authority can be effectively protected, ensuring the data security of the server database. As the server load grows, the number of servers can be increased smoothly to build a cluster with load balancing among the servers.
In short, the B/S structure has many advantages over the C/S structure, so by adopting the B/S structure the pre-established protocol parsing function verification tool can be accessed over the network at any time to test the security gateway.
In this embodiment, the protocol parsing function verification tool is constructed on a browser/server (B/S) structure by coding according to the different function data in the protocol parsing result. Adopting the B/S structure overcomes the shortcomings of the traditional C/S structure, so the constructed protocol parsing function verification tool is highly extensible and can be accessed over the network at any time to perform protocol function verification tests.
Further, referring to fig. 13, fig. 13 is a schematic overall flowchart of the security gateway parsing function verification method of the present invention. The overall flow of the method is described as follows:
First, a protocol communication simulation environment is constructed from the programming software STEP 7 and a PLC; the protocol communication data acquired in that environment is parsed in depth to obtain a parsing result; and code is written according to the corresponding protocol data format and the parsing result to obtain a pre-established protocol parsing function verification tool that supports three functions, namely task function verification (Job function verification), user data function verification (Userdata function verification) and custom function verification. Task function verification sends all the protocol function verification information requests a master device can send, and verifies the breadth and depth of the security gateway's protocol parsing capability; user data function verification verifies the protocol's extended functions, likewise checking the breadth and depth of the security gateway's parsing; custom function verification aims to speed up verification, since all functions can be sent directly with it to quickly verify the parsing capability of the security gateway. The tool is placed in communication with the PLC.
Second, because the protocol parsing function of the security gateway can effectively identify and handle industrial protocols including S7, illegal control instructions cannot reach the industrial control equipment, and malicious control attacks are thus prevented. It should be noted that illegal control commands include, but are not limited to, the following situations: 1) an unusual read command that suddenly appears during normal business hours; 2) a PLC control command that occurs during normal business hours. However, the protocol parsing function of the security gateway is not always reliable; once it fails or identifies inaccurately, the industrial control network carries a great potential safety hazard, and even the interests of the factory may be damaged and personal safety endangered. It is therefore necessary to verify the protocol parsing capability of the security gateway; for this purpose the security gateway is connected between the tool and the PLC and the relevant protocol parsing policies are deployed, after which verification of the parsing validity can begin.
Third, the tool is used to initiate function verification information requests to the PLC, such as sending a specified function or changing the address field and value field parameters of a function, and it is checked whether the security gateway identifies and parses them; custom function verification may also be used to speed up testing. After the protocol communication traffic passes through the security gateway, the gateway parses the protocol communication data in depth, and the tester can quickly verify the validity of the function with this feature.
Finally, the request result obtained by the security gateway's protocol parsing function falls into one of two cases: the request sent by the pre-established protocol parsing function verification tool is either consistent or inconsistent with the result obtained by the security gateway's protocol parsing function. If the request result is consistent with the request, an accurate verification result is obtained, indicating that the security gateway correctly identifies the current function code, address field and value field; its function is complete, can be used normally and needs no improvement.
If the request result is inconsistent with the request, an unparseable or inaccurate verification result is obtained, and two cases are considered. If the request result shows that the gateway could not parse the request, the security gateway cannot identify the current function code, address field and value field, indicating that the protocol deep parsing function needs to be completed. If the request result is inaccurate, the security gateway cannot fully identify the request, for example it recognizes the function code but not the deeper address field and value field, indicating that the security gateway's protocol deep parsing function needs to be improved to support deeper parsing.
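As an added example (not the patent's own tool), the following encodes the comparison just described in Python: each request the tool sent is matched field by field against what the gateway parsed, yielding the accurate / inaccurate / unparseable verdicts, and a batch is aggregated into the breadth and depth view. The field names, the address tuple layout and the sample run are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Verdicts as the text defines them
ACCURATE, INACCURATE, UNPARSEABLE = "accurate", "inaccurate", "unparseable"
# Fields compared, from the primary function down to the deepest ones
DEPTH_FIELDS = ("pdu_type", "function_code", "address", "value")


@dataclass(frozen=True)
class FunctionRequest:
    """One function verification information request as the tool sent it."""
    pdu_type: str                     # "Job" or "Userdata" (primary function)
    function_code: int                # secondary function
    address: Optional[tuple] = None   # (area, db_number, byte_address) as encoded
    value: Optional[bytes] = None     # value field, present for write requests


@dataclass(frozen=True)
class GatewayResult:
    """The gateway's parse of the same request; None means not extracted."""
    pdu_type: Optional[str] = None
    function_code: Optional[int] = None
    address: Optional[tuple] = None
    value: Optional[bytes] = None


def classify(request, result):
    """Compare the sent request with the gateway's parse field by field.

    Returns (verdict, mismatched_fields): 'accurate' when every field the
    request carried was parsed identically, 'unparseable' when the gateway
    extracted nothing, otherwise 'inaccurate' with the fields it missed
    (e.g. function code recognised but address and value not)."""
    mismatched = [f for f in DEPTH_FIELDS
                  if getattr(request, f) is not None
                  and getattr(result, f) != getattr(request, f)]
    if all(getattr(result, f) is None for f in DEPTH_FIELDS):
        return UNPARSEABLE, mismatched
    return (ACCURATE if not mismatched else INACCURATE), mismatched


def verification_report(pairs):
    """Aggregate one custom-function run (many requests sent together) into the
    breadth/depth view: which function codes are handled fully, and which
    fields the gateway fails on."""
    per_function = {}
    field_failures = {f: 0 for f in DEPTH_FIELDS}
    for request, result in pairs:
        verdict, bad = classify(request, result)
        per_function.setdefault((request.pdu_type, request.function_code), []).append(verdict)
        for f in bad:
            field_failures[f] += 1
    fully = sorted(k for k, v in per_function.items() if all(x == ACCURATE for x in v))
    return {
        "breadth": f"{len(fully)}/{len(per_function)} function codes accurate",
        "fully_recognised": fully,
        "field_failures": field_failures,
        # address/value misses are exactly the 'deeper parsing' gap the text describes
        "needs_deeper_parsing": bool(field_failures["address"] or field_failures["value"]),
    }


# Constructed sample run (not real gateway output): two reads, one write and
# one Userdata request, paired with what a tester might see from the gateway
SAMPLE_RUN = [
    (FunctionRequest("Job", 0x04, (0x84, 1, 0)),
     GatewayResult("Job", 0x04, (0x84, 1, 0))),              # accurate
    (FunctionRequest("Job", 0x04, (0x83, 0, 0)),
     GatewayResult("Job", 0x04, (0x83, 0, 0))),              # accurate
    (FunctionRequest("Job", 0x05, (0x84, 1, 2), b"\xAA"),
     GatewayResult("Job", 0x05)),                             # function code only
    (FunctionRequest("Userdata", 0x01),
     GatewayResult()),                                        # nothing recognised
]
```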
With this scheme, the interaction environment of the equipment is restored completely and faithfully, which improves the credibility of the function verification; the protocol parsing function verification tool verifies the protocol parsing function of the security gateway comprehensively and in depth, and the breadth and depth of the supported function codes are clearly improved over the prior art; the tool's custom function verification greatly improves verification efficiency; and the tool is highly extensible, so newly discovered functions can be added at any time through its interface.
In addition, an embodiment of the present invention further provides a security gateway parsing function verification apparatus, which includes:
an acquisition module for acquiring function information parsed by a verification protocol, wherein the function information comprises protocol data unit type information and/or parameter information;
and a verification module for performing multi-dimensional verification of the protocol parsing function of the security gateway according to the function information and a pre-established protocol parsing function verification tool, to obtain a corresponding verification result.
For the principle and implementation of the security gateway parsing function verification in this embodiment, refer to the embodiments above; they are not repeated here.
In addition, an embodiment of the present invention further provides a terminal device, which includes a memory, a processor, and a security gateway parsing function verification program stored in the memory and executable on the processor; when executed by the processor, the program implements the steps of the security gateway parsing function verification method described above.
Since the security gateway parsing function verification program is executed by the processor, all technical solutions of all the embodiments are adopted, so at least all the beneficial effects of those technical solutions are achieved; a detailed description is omitted here.
In addition, an embodiment of the present invention further provides a storage medium on which a security gateway parsing function verification program is stored; when executed by a processor, the program implements the steps of the security gateway parsing function verification method described above.
Since the security gateway parsing function verification program is executed by the processor, all technical solutions of all the embodiments are adopted, so at least all the beneficial effects of those technical solutions are achieved; a detailed description is omitted here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
From the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and can also be implemented by hardware, but in many cases the former is the better implementation. On that understanding, the technical solution of the present invention may be embodied as a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) that includes instructions enabling a terminal device (e.g. a mobile phone, a computer, a server, a controlled terminal, or a network device) to execute the method of each embodiment of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A security gateway analysis function verification method is characterized by comprising the following steps:
acquiring function information analyzed by a verification protocol, wherein the function information comprises protocol data unit type information and/or parameter information;
and performing multi-dimensional verification on the protocol analysis function of the security gateway according to the function information and a pre-established protocol analysis function verification tool to obtain a corresponding verification result.
2. The security gateway parsing function verification method of claim 1, wherein the step of performing multidimensional verification on the protocol parsing function of the security gateway according to the function information and a pre-established protocol parsing function verification tool to obtain a corresponding verification result comprises:
according to the function information, sending a corresponding function verification information request to a programmable logic controller through the pre-established protocol analysis function verification tool;
intercepting and analyzing the function verification information request through a security gateway to obtain a corresponding request result;
and verifying the protocol analysis function of the security gateway according to the request result to obtain a corresponding verification result.
3. The security gateway parsing function verification method of claim 2, wherein the protocol data unit type information includes task function information and/or user data function information, the task function information includes task primary function information and/or task secondary function information, the user data function information includes user data primary function information and/or user data secondary function information, the verification function of the pre-established protocol parsing function tool includes task function verification, user data function verification and custom function verification, and the step of sending a corresponding function verification information request to the programmable logic controller through the pre-established protocol parsing function verification tool according to the function information includes:
if the function information is the task primary function information, the task secondary function information and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the task function verification in the pre-established protocol analysis function verification tool;
if the function information is the user data primary function information, the user data secondary function information and/or the parameter information, sending a corresponding function verification information request to the programmable logic controller through the user data function verification in the pre-established protocol analysis function verification tool;
and if the function information is the task function information and/or the user data function information, sending a corresponding function verification information request to the programmable logic controller through the self-defined function verification in the pre-established protocol analysis function verification tool.
4. The security gateway parsing function verifying method of claim 2, wherein the step of verifying the protocol parsing function of the security gateway according to the request result to obtain a corresponding verification result comprises:
according to the request result, verifying the protocol analysis function of the security gateway;
if the request result is consistent with the function verification information request, obtaining an accurate verification result;
and if the request result is inconsistent with the functional verification information request, obtaining a verification result which cannot be analyzed or is inaccurate.
5. The security gateway parsing function verification method of claim 1, wherein the step of acquiring function information parsed by a verification protocol, the function information including protocol data unit type information or parameter information, is preceded by the steps of:
constructing a protocol communication simulation environment;
obtaining a protocol analysis result in the protocol communication simulation environment;
and constructing the pre-established protocol analysis function verification tool according to the protocol analysis result.
6. The security gateway parsing function verification method of claim 5, wherein said step of obtaining a protocol parsing result in said protocol communication emulation environment comprises:
acquiring S7 protocol communication data in the protocol communication simulation environment;
and analyzing the S7 protocol communication data according to different functions to obtain a protocol analysis result, wherein the protocol analysis result comprises different functional data.
7. The security gateway parsing function verification method of claim 6, wherein the step of constructing the pre-established protocol parsing function verification tool according to the protocol parsing result comprises:
and coding according to the different functional data in the protocol analysis result, and constructing the protocol analysis function verification tool based on a browser/server mode B/S structure.
8. A security gateway parsing function verifying device, comprising:
the acquisition module is used for acquiring the function information analyzed by the verification protocol, wherein the function information comprises protocol data unit type information and/or parameter information;
and the verification module is used for carrying out multi-dimensional verification on the protocol analysis function of the security gateway according to the function information and a pre-established protocol analysis function verification tool to obtain a corresponding verification result.
9. A terminal device, characterized in that the terminal device comprises a memory, a processor and a security gateway parsing function verification program stored in the memory and executable on the processor, the security gateway parsing function verification program, when executed by the processor, implementing the steps of the security gateway parsing function verification method according to any one of claims 1-7.
10. A storage medium having stored thereon a security gateway parsing function verification program which, when executed by a processor, performs the steps of the security gateway parsing function verification method as claimed in any one of claims 1 to 7.
CN202211264389.1A 2022-10-17 2022-10-17 Security gateway analysis function verification method and device, terminal device and storage medium Active CN115333872B (en)
Publications (2)

Publication Number Publication Date
CN115333872A true CN115333872A (en) 2022-11-11
CN115333872B CN115333872B (en) 2023-01-20
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant