CN115600218A - Industrial control program risk detection method and system - Google Patents
Industrial control program risk detection method and system Download PDFInfo
- Publication number
- CN115600218A CN115600218A CN202211432511.1A CN202211432511A CN115600218A CN 115600218 A CN115600218 A CN 115600218A CN 202211432511 A CN202211432511 A CN 202211432511A CN 115600218 A CN115600218 A CN 115600218A
- Authority
- CN
- China
- Prior art keywords
- industrial control
- simulation
- program
- risk
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Programmable Controllers (AREA)
Abstract
The invention relates to the technical field of industrial control safety, and particularly discloses an industrial control program risk detection method and system. The method comprises the steps of extracting industrial control program data and operation instruction information by acquiring design backup information; constructing a program risk detection environment and a program control detection environment; carrying out safety threat simulation on the industrial control program to obtain threat simulation record data; carrying out safe operation simulation on the industrial control program to obtain operation simulation record data; and marking an industrial control risk target and generating an industrial control risk detection result. The industrial control risk detection system can construct a program risk detection environment and a program control detection environment, further perform safety threat simulation on the industrial control program and perform safety operation simulation on the industrial control program, mark an industrial control risk target and generate an industrial control risk detection result, so that not only can the detection of safety holes be realized, the safety threats of the industrial control program be checked, but also the application of the industrial control program can be simulated and detected, and the application safety risks existing in the operation process of the industrial control program are reduced.
Description
Technical Field
The invention belongs to the technical field of industrial control safety, and particularly relates to an industrial control program risk detection method and system.
Background
Industrial control refers to industrial automation control and is mainly realized by combining electronics, electricity, machinery and software. I.e., industrial control systems, or factory automation. Industrial control security refers to data, network and system security of an industrial control system. With the rapid development of industrial informatization, the accelerated fusion of new-generation information technologies such as cloud computing, big data, artificial intelligence, internet of things and the like and manufacturing technologies, and industrial control systems are independently opened from original closure, interconnected from a single machine and intelligentized from automation. However, under the environmental background that industrial enterprises obtain huge development kinetic energy, a great deal of potential safety hazards are generated, and the industrial control safety faces a serious challenge.
In order to eliminate the potential safety hazard of industrial control, the risk detection of an industrial control program is required, and the existing industrial control program risk detection technology can only detect the security loophole of the industrial control program and check the security threat of the industrial control program, but cannot perform simulation detection on the application of the industrial control program, so that certain safety risk exists in the operation and application process of the industrial control program.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a system for detecting industrial control program risks, and aims to solve the problems in the background art.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
a risk detection method for industrial control programs specifically comprises the following steps:
the method comprises the steps of obtaining design backup information of an industrial control target, and extracting industrial control program data and operation instruction information according to the design backup information;
constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information;
according to the program risk detection environment, carrying out safety threat simulation on an industrial control program, and carrying out simulation detection recording to obtain threat simulation recording data;
according to the program control detection environment, carrying out safe operation simulation on the industrial control program, and carrying out simulation detection recording to obtain operation simulation recording data;
and detecting and analyzing the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result.
As a further limitation of the technical solution of the embodiment of the present invention, the method further comprises the following steps:
and based on a big data technology, performing risk solution analysis on the industrial control risk detection result to generate risk solution reference information corresponding to a plurality of industrial control risk targets.
As a further limitation of the technical solution of the embodiment of the present invention, the obtaining of design backup information of an industrial control target and the extracting of industrial control program data and operation instruction information according to the design backup information specifically include the following steps:
acquiring design backup information of an industrial control target;
carrying out industrial control program identification and extraction on the design backup information to obtain industrial control program data;
and identifying and extracting the operation instruction of the design backup information to obtain operation instruction information.
As a further limitation of the technical solution of the embodiment of the present invention, the constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information specifically includes the following steps:
acquiring program safety test data corresponding to the industrial control program data based on a big data technology;
constructing a program risk detection environment according to the program safety test data;
analyzing the test requirement of the operation instruction information to obtain operation test requirement information;
and constructing a program control detection environment according to the operation test requirement information.
As a further limitation of the technical solution of the embodiment of the present invention, the simulating safety threat to the industrial control program according to the program risk detection environment, and performing the simulation detection record to obtain the threat simulation record data specifically include the following steps:
according to the program risk detection environment, performing security threat simulation planning to generate threat simulation planning information;
performing multiple rounds of safety threat simulation on an industrial control program based on the threat simulation planning information;
and recording the process of the multi-round security threat simulation to generate threat simulation recorded data.
As a further limitation of the technical solution of the embodiment of the present invention, the performing, according to the program control detection environment, the safety operation simulation on the industrial control program, and performing the simulation detection record to obtain the operation simulation record data specifically include the following steps:
carrying out process analysis on the operation instruction information to determine an industrial control operation sequence;
according to the program control detection environment, performing safe operation simulation planning to generate operation simulation planning information;
carrying out industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence;
and recording the process of industrial control operation simulation to generate operation simulation recorded data.
As a further limitation of the technical solution of the embodiment of the present invention, the detecting and analyzing the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result specifically includes the following steps:
performing program risk analysis according to the threat simulation record data to generate program analysis information;
performing operation risk analysis according to the operation simulation record data to generate operation analysis information;
integrating the program analysis information and the operation analysis information, and marking a plurality of industrial control risk targets;
and generating an industrial control risk detection result based on the plurality of industrial control risk targets.
The industrial control program risk detection system comprises a design backup processing unit, a detection environment construction unit, a safety threat simulation unit, a safety operation simulation unit and a detection analysis processing unit, wherein:
the design backup processing unit is used for acquiring design backup information of an industrial control target and extracting industrial control program data and operation instruction information according to the design backup information;
the detection environment construction unit is used for constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information;
the safety threat simulation unit is used for simulating the safety threat of the industrial control program according to the program risk detection environment, and carrying out simulation detection recording to obtain threat simulation recording data;
the safety operation simulation unit is used for carrying out safety operation simulation on the industrial control program according to the program control detection environment, carrying out simulation detection recording and obtaining operation simulation recording data;
and the detection analysis processing unit is used for carrying out detection analysis on the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target and generating an industrial control risk detection result.
As a further limitation of the technical solution of the embodiment of the present invention, designing the backup processing unit specifically includes:
the information acquisition module is used for acquiring design backup information of the industrial control target;
the program extraction module is used for carrying out industrial control program identification and extraction on the design backup information to obtain industrial control program data;
and the description extraction module is used for identifying and extracting the operation description of the design backup information to obtain the operation description information.
As a further limitation of the technical solution of the embodiment of the present invention, the safety operation simulation unit specifically includes:
the process analysis module is used for carrying out process analysis on the operation instruction information and determining an industrial control operation sequence;
the simulation planning module is used for controlling the detection environment according to the program, performing safe operation simulation planning and generating operation simulation planning information;
the operation simulation module is used for carrying out industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence;
and the process recording module is used for recording the process of industrial control operation simulation and generating operation simulation recorded data.
Compared with the prior art, the invention has the beneficial effects that:
the embodiment of the invention extracts industrial control program data and operation instruction information by acquiring design backup information; constructing a program risk detection environment and a program control detection environment; carrying out safety threat simulation on the industrial control program to obtain threat simulation record data; carrying out safe operation simulation on the industrial control program to obtain operation simulation record data; and marking an industrial control risk target and generating an industrial control risk detection result. The industrial control risk detection system can construct a program risk detection environment and a program control detection environment, further perform safety threat simulation on the industrial control program and perform safety operation simulation on the industrial control program, mark an industrial control risk target and generate an industrial control risk detection result, so that not only can the detection of safety holes be realized, the safety threats of the industrial control program be checked, but also the application of the industrial control program can be simulated and detected, and the application safety risks existing in the operation process of the industrial control program are reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
FIG. 1 shows a flow chart of a method provided by an embodiment of the invention;
FIG. 2 illustrates a further flow chart of a method provided by an embodiment of the present invention;
FIG. 3 is a flow chart illustrating the processing of design backup information in a method provided by an embodiment of the invention;
FIG. 4 is a flow chart illustrating a process of detecting the environment building in the method provided by the embodiment of the invention;
FIG. 5 is a flow chart illustrating simulation recording of security threats in a method provided by an embodiment of the invention;
FIG. 6 is a flow chart illustrating a secure operation simulation record in a method provided by an embodiment of the invention;
FIG. 7 is a flow chart illustrating a recorded data detection analysis in a method provided by an embodiment of the invention;
FIG. 8 illustrates an application architecture diagram for a system provided by an embodiment of the present invention;
FIG. 9 is a block diagram illustrating a design of a backup processing unit in the system according to an embodiment of the present invention;
fig. 10 shows a block diagram of a secure operation simulation unit in the system according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It can be understood that, in order to eliminate the potential safety hazard of the industrial control, the risk detection of the industrial control program needs to be performed, and in the prior art, the risk detection of the industrial control program can only be performed on the detection of a security vulnerability of the industrial control program itself to investigate the security threat of the industrial control program, but cannot be performed on the simulation detection of the application of the industrial control program, so that a certain safety risk exists in the operation and application process of the industrial control program.
In order to solve the above problems, in the embodiments of the present invention, design backup information is acquired, and industrial control program data and operation instruction information are extracted; constructing a program risk detection environment and a program control detection environment; carrying out safety threat simulation on the industrial control program to obtain threat simulation record data; carrying out safe operation simulation on the industrial control program to obtain operation simulation record data; and marking an industrial control risk target and generating an industrial control risk detection result. The industrial control risk detection system can construct a program risk detection environment and a program control detection environment, further perform safety threat simulation on the industrial control program and perform safety operation simulation on the industrial control program, mark an industrial control risk target and generate an industrial control risk detection result, so that not only can the detection of safety holes be realized, the safety threats of the industrial control program be checked, but also the application of the industrial control program can be simulated and detected, and the application safety risks existing in the operation process of the industrial control program are reduced.
Fig. 1 shows a flow chart of a method provided by an embodiment of the invention.
Specifically, the industrial control program risk detection method specifically comprises the following steps:
step S101, design backup information of an industrial control target is obtained, and industrial control program data and operation instruction information are extracted according to the design backup information.
In the embodiment of the invention, an industrial control target needing industrial control program risk detection is determined, design backup information of the industrial control target is obtained, the design backup information is analyzed, industrial control program identification and extraction are carried out from the design backup information to obtain industrial control program data, and operation description identification and extraction are carried out from the design backup information to obtain operation description information.
It can be understood that the industrial control target can be a small, neutral or large industrial control device, and can also be a whole industrial control production line; the industrial control target consists of a mechanical structure and an electrical program, and the mechanical structure is controlled through the electrical program to realize the work of the industrial control target; the design backup information contains operation instruction information corresponding to the operation of the industrial control target and interactive control industrial control program data corresponding to the operation, so that the corresponding industrial control program data and the operation instruction information can be respectively extracted from the design backup information.
Specifically, fig. 3 shows a flowchart of processing design backup information in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the obtaining of design backup information of an industrial control target and the extracting of industrial control program data and operation instruction information according to the design backup information specifically include the following steps:
step S1011, design backup information of the industrial control target is acquired.
Step S1012, performing industrial control program identification and extraction on the design backup information to obtain industrial control program data.
Step S1013, performing operation description identification and extraction on the design backup information to obtain operation description information.
Further, the industrial control program risk detection method further comprises the following steps:
and step S102, constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information.
In the embodiment of the invention, based on a big data technology, program safety test data corresponding to industrial control program data are obtained, then, according to the program safety test data, various test environment construction such as authentication, encryption, authorization and the like is carried out on the industrial control program, a program risk detection environment is obtained, test requirement analysis is carried out on operation description information, operation test requirement information corresponding to program application operation is obtained, and then, a program control detection environment is constructed according to the operation test requirement information.
Specifically, fig. 4 shows a flowchart of a detection environment construction process in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information specifically includes the following steps:
and S1021, acquiring program safety test data corresponding to the industrial control program data based on a big data technology.
And step S1022, constructing a program risk detection environment according to the program safety test data.
And step S1023, carrying out test requirement analysis on the operation description information to obtain operation test requirement information.
And step S1024, constructing a program control detection environment according to the operation test requirement information.
Further, the industrial control program risk detection method further comprises the following steps:
and S103, according to the program risk detection environment, performing safety threat simulation on the industrial control program, and performing simulation detection recording to obtain threat simulation recording data.
In the embodiment of the invention, according to a program risk detection environment, simulation planning is carried out on the test of the program security threat to generate threat simulation planning information, and then, according to the threat simulation planning information, multiple rounds of security threat simulation such as authentication, encryption, authorization and the like are carried out on an industrial control program, and data in the test process is recorded to generate threat simulation recording data.
It is to be appreciated that the security threat simulation specifically includes simulation of one or more of an anti-serialization vulnerability, an SQL injection attack, a bypass WAF attack, a Struct2 vulnerability, and the like.
Specifically, fig. 5 shows a flowchart of a security threat simulation record in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the simulating safety threat of the industrial control program according to the program risk detection environment, and performing simulated detection recording to obtain threat simulation recording data specifically include the following steps:
and step S1031, according to the program risk detection environment, performing security threat simulation planning, and generating threat simulation planning information.
And S1032, performing multiple rounds of safety threat simulation on the industrial control program based on the threat simulation planning information.
And step S1033, recording the process of the multi-round security threat simulation, and generating threat simulation recording data.
Further, the industrial control program risk detection method further comprises the following steps:
and step S104, according to the program control detection environment, carrying out safe operation simulation on the industrial control program, and carrying out simulation detection recording to obtain operation simulation recorded data.
In the embodiment of the invention, the operation instruction information is subjected to process analysis, an industrial control operation sequence is determined, safety operation simulation planning is carried out according to a program control detection environment, corresponding operation simulation planning information is generated according to the industrial control operation sequence, a corresponding operation process is simulated for an industrial control target according to the operation simulation planning information, the safety of the operation process is recorded, and operation simulation recorded data are generated.
Specifically, fig. 6 shows a flowchart of the simulation record of the secure operation in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the performing, according to the program control detection environment, the safety operation simulation on the industrial control program, and performing the simulation detection record to obtain the operation simulation record data specifically includes the following steps:
and step S1041, performing process analysis on the operation instruction information, and determining an industrial control operation sequence.
Step S1042, performing a safe operation simulation planning according to the program control detection environment, and generating operation simulation planning information.
And S1043, performing industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence.
And step S1044, recording the process of industrial control operation simulation and generating operation simulation recorded data.
Further, the industrial control program risk detection method further comprises the following steps:
and S105, detecting and analyzing the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result.
In the embodiment of the invention, program risk analysis is carried out on threat simulation recorded data to judge whether a safety risk leak exists in an industrial control program or not, program analysis information is generated, operation risk analysis is carried out on operation simulation recorded data to judge whether a certain operation risk exists in a corresponding operation process of an industrial control target or not, the program analysis information and the operation analysis information are integrated, the positions with the safety risk leak and the operation risk are marked to obtain a plurality of industrial control risk targets, risks of the industrial control risk targets are summarized and analyzed, and an industrial control risk detection result is generated.
Specifically, fig. 7 shows a flowchart of detection and analysis of recorded data in the method provided in the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the detecting and analyzing the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result specifically includes the following steps:
and step S1051, carrying out program risk analysis according to the threat simulation record data to generate program analysis information.
And step S1052, performing operation risk analysis according to the operation simulation recorded data to generate operation analysis information.
And step S1053, integrating the program analysis information and the operation analysis information, and marking a plurality of industrial control risk targets.
And S1054, generating an industrial control risk detection result based on a plurality of industrial control risk targets.
Further, fig. 2 shows another flowchart of the method provided by the embodiment of the present invention.
Wherein, in a preferred embodiment provided by the present invention, the method further comprises the steps of:
and S106, performing risk solution analysis on the industrial control risk detection result based on a big data technology, and generating risk solution reference information corresponding to a plurality of industrial control risk targets.
Further, fig. 8 is a diagram illustrating an application architecture of the system according to the embodiment of the present invention.
In another preferred embodiment, the present invention provides an industrial control program risk detection system, including:
and the design backup processing unit 101 is configured to acquire design backup information of an industrial control target, and extract industrial control program data and operation instruction information according to the design backup information.
In the embodiment of the present invention, the design backup processing unit 101 determines an industrial control target that needs to be subjected to industrial control program risk detection, acquires design backup information of the industrial control target, performs industrial control program identification and extraction from the design backup information by analyzing the design backup information, obtains industrial control program data, and performs operation description identification and extraction from the design backup information, and obtains operation description information.
Specifically, fig. 9 shows a block diagram of a design backup processing unit 101 in the system according to the embodiment of the present invention.
In an embodiment of the present invention, the designing and backup processing unit 101 specifically includes:
the information obtaining module 1011 is configured to obtain design backup information of the industrial control target.
And the program extraction module 1012 is used for carrying out industrial control program identification and extraction on the design backup information to obtain industrial control program data.
And the description extracting module 1013 is configured to perform operation description identification and extraction on the design backup information to obtain operation description information.
Further, the industrial control program risk detection system further includes:
and the detection environment construction unit 102 is configured to construct a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information.
In the embodiment of the present invention, the detection environment construction unit 102 obtains program safety test data corresponding to the industrial control program data based on a big data technology, further performs various test environment constructions such as authentication, encryption, authorization, and the like on the industrial control program according to the program safety test data to obtain a program risk detection environment, and obtains operation test requirement information corresponding to the program application operation by performing test requirement analysis on the operation description information, and further constructs a program control detection environment according to the operation test requirement information.
And the safety threat simulation unit 103 is used for performing safety threat simulation on the industrial control program according to the program risk detection environment, performing simulation detection recording, and obtaining threat simulation recording data.
In the embodiment of the present invention, the security threat simulation unit 103 performs simulation planning on a test of the program security threat according to the program risk detection environment to generate threat simulation planning information, further performs multiple rounds of security threat simulation such as authentication, encryption, authorization, and the like on the industrial control program according to the threat simulation planning information, and records data in the test process to generate threat simulation recorded data.
And the safe operation simulation unit 104 is used for carrying out safe operation simulation on the industrial control program according to the program control detection environment, carrying out simulation detection recording and obtaining operation simulation recorded data.
In the embodiment of the present invention, the safety operation simulation unit 104 performs process analysis on the operation instruction information, determines an industrial control operation sequence, performs safety operation simulation planning according to a program control detection environment, generates corresponding operation simulation planning information according to the industrial control operation sequence, further simulates a corresponding operation process performed on an industrial control target according to the operation simulation planning information, records the safety of the operation process, and generates operation simulation recorded data.
Specifically, fig. 10 shows a block diagram of a secure operation simulation unit 104 in the system according to the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the safety operation simulation unit 104 specifically includes:
and a process analysis module 1041, configured to perform process analysis on the operation instruction information, and determine an industrial control operation sequence.
The simulation planning module 1042 is configured to perform a safe operation simulation planning according to the program control detection environment, and generate operation simulation planning information.
And an operation simulation module 1043, configured to perform industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence.
And the process recording module 1044 is configured to record a process of the industrial control operation simulation and generate operation simulation recorded data.
Further, the industrial control program risk detection system further includes:
and the detection analysis processing unit 105 is used for performing detection analysis on the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target and generating an industrial control risk detection result.
In the embodiment of the present invention, the detection analysis processing unit 105 performs program risk analysis on the threat simulation recorded data, determines whether a security risk leak exists in the industrial control program, generates program analysis information, performs operation risk analysis on the operation simulation recorded data, determines whether a certain operation risk exists in a corresponding operation process performed on an industrial control target, generates operation analysis information, synthesizes the program analysis information and the operation analysis information, marks positions where the security risk leak and the operation risk exist, obtains a plurality of industrial control risk targets, and performs summary analysis to generate an industrial control risk detection result.
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least a portion of steps in various embodiments may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternatingly with other steps or at least a portion of sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is specific and detailed, but not to be understood as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent should be subject to the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. The industrial control program risk detection method is characterized by specifically comprising the following steps of:
the method comprises the steps of obtaining design backup information of an industrial control target, and extracting industrial control program data and operation instruction information according to the design backup information;
constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information;
according to the program risk detection environment, carrying out safety threat simulation on an industrial control program, and carrying out simulation detection recording to obtain threat simulation recording data;
according to the program control detection environment, carrying out safe operation simulation on the industrial control program, and carrying out simulation detection recording to obtain operation simulation recording data;
and detecting and analyzing the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result.
2. The industrial control program risk detection method according to claim 1, further comprising the steps of:
and based on a big data technology, performing risk solution analysis on the industrial control risk detection result to generate risk solution reference information corresponding to a plurality of industrial control risk targets.
3. The industrial control program risk detection method according to claim 1, wherein the step of obtaining design backup information of an industrial control target and extracting industrial control program data and operation instruction information according to the design backup information specifically comprises the steps of:
acquiring design backup information of an industrial control target;
carrying out industrial control program identification and extraction on the design backup information to obtain industrial control program data;
and identifying and extracting the operation instruction of the design backup information to obtain operation instruction information.
4. The industrial control program risk detection method according to claim 1, wherein the step of constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information specifically comprises the steps of:
acquiring program safety test data corresponding to the industrial control program data based on a big data technology;
constructing a program risk detection environment according to the program safety test data;
analyzing the test requirement of the operation instruction information to obtain operation test requirement information;
and constructing a program control detection environment according to the operation test requirement information.
5. The industrial control program risk detection method according to claim 1, wherein the steps of performing security threat simulation on the industrial control program according to the program risk detection environment, performing simulation detection recording, and obtaining threat simulation recording data specifically include the following steps:
according to the program risk detection environment, performing security threat simulation planning to generate threat simulation planning information;
performing multiple rounds of safety threat simulation on an industrial control program based on the threat simulation planning information;
and recording the process of the multi-round security threat simulation to generate threat simulation recorded data.
6. The industrial control program risk detection method according to claim 1, wherein the steps of performing the safety operation simulation on the industrial control program according to the program control detection environment, performing the simulation detection record, and obtaining the operation simulation record data specifically include:
carrying out process analysis on the operation instruction information to determine an industrial control operation sequence;
according to the program control detection environment, performing safe operation simulation planning to generate operation simulation planning information;
carrying out industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence;
and recording the process of industrial control operation simulation to generate operation simulation recorded data.
7. The industrial control program risk detection method according to claim 1, wherein the steps of performing detection analysis on the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target, and generating an industrial control risk detection result specifically include the steps of:
performing program risk analysis according to the threat simulation recorded data to generate program analysis information;
performing operation risk analysis according to the operation simulation recorded data to generate operation analysis information;
integrating the program analysis information and the operation analysis information, and marking a plurality of industrial control risk targets;
and generating an industrial control risk detection result based on the plurality of industrial control risk targets.
8. The industrial control program risk detection system is characterized by comprising a design backup processing unit, a detection environment construction unit, a safety threat simulation unit, a safety operation simulation unit and a detection analysis processing unit, wherein:
the design backup processing unit is used for acquiring design backup information of an industrial control target and extracting industrial control program data and operation instruction information according to the design backup information;
the detection environment construction unit is used for constructing a program risk detection environment and a program control detection environment according to the industrial control program data and the operation instruction information;
the safety threat simulation unit is used for simulating the safety threat of the industrial control program according to the program risk detection environment, and carrying out simulation detection recording to obtain threat simulation recording data;
the safety operation simulation unit is used for carrying out safety operation simulation on the industrial control program according to the program control detection environment, carrying out simulation detection recording and obtaining operation simulation recording data;
and the detection analysis processing unit is used for carrying out detection analysis on the threat simulation recorded data and the operation simulation recorded data, marking an industrial control risk target and generating an industrial control risk detection result.
9. The industrial control program risk detection system of claim 8, wherein designing the backup processing unit specifically comprises:
the information acquisition module is used for acquiring design backup information of the industrial control target;
the program extraction module is used for carrying out industrial control program identification and extraction on the design backup information to obtain industrial control program data;
and the description extraction module is used for identifying and extracting the operation description of the design backup information to obtain the operation description information.
10. The industrial control program risk detection system of claim 8, wherein the safety operation simulation unit specifically comprises:
the process analysis module is used for carrying out process analysis on the operation instruction information and determining an industrial control operation sequence;
the simulation planning module is used for controlling the detection environment according to the program, performing safe operation simulation planning and generating operation simulation planning information;
the operation simulation module is used for carrying out industrial control operation simulation according to the operation simulation planning information and the industrial control operation sequence;
and the process recording module is used for recording the process of industrial control operation simulation and generating operation simulation recorded data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211432511.1A CN115600218B (en) | 2022-11-16 | 2022-11-16 | Industrial control program risk detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211432511.1A CN115600218B (en) | 2022-11-16 | 2022-11-16 | Industrial control program risk detection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115600218A true CN115600218A (en) | 2023-01-13 |
| CN115600218B CN115600218B (en) | 2023-03-21 |
Family
ID=84852932
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211432511.1A Active CN115600218B (en) | 2022-11-16 | 2022-11-16 | Industrial control program risk detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115600218B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116012971A (en) * | 2023-03-27 | 2023-04-25 | 中机生产力促进中心有限公司 | Mechanical equipment detection management method and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130347116A1 (en) * | 2012-06-26 | 2013-12-26 | Zuclu Research, LLC | Threat evaluation system and method |
| CN106713341A (en) * | 2017-01-04 | 2017-05-24 | 成都四方伟业软件股份有限公司 | Network security early-warning method and system based on big data |
| CN110493200A (en) * | 2019-07-29 | 2019-11-22 | 电子科技大学 | A kind of industrial control system risk quantification analysis method based on threat map |
| CN113660296A (en) * | 2021-10-21 | 2021-11-16 | 中国核电工程有限公司 | Method and device for detecting anti-attack performance of industrial control system and computer equipment |
| CN113852504A (en) * | 2021-09-26 | 2021-12-28 | 北京工业大学 | Equal-protection-environment-oriented lightweight industrial control flow attack and defense simulation method |
-
2022
- 2022-11-16 CN CN202211432511.1A patent/CN115600218B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130347116A1 (en) * | 2012-06-26 | 2013-12-26 | Zuclu Research, LLC | Threat evaluation system and method |
| CN106713341A (en) * | 2017-01-04 | 2017-05-24 | 成都四方伟业软件股份有限公司 | Network security early-warning method and system based on big data |
| CN110493200A (en) * | 2019-07-29 | 2019-11-22 | 电子科技大学 | A kind of industrial control system risk quantification analysis method based on threat map |
| CN113852504A (en) * | 2021-09-26 | 2021-12-28 | 北京工业大学 | Equal-protection-environment-oriented lightweight industrial control flow attack and defense simulation method |
| CN113660296A (en) * | 2021-10-21 | 2021-11-16 | 中国核电工程有限公司 | Method and device for detecting anti-attack performance of industrial control system and computer equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116012971A (en) * | 2023-03-27 | 2023-04-25 | 中机生产力促进中心有限公司 | Mechanical equipment detection management method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115600218B (en) | 2023-03-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107888554B (en) | Method and device for detecting server attack | |
| Wu et al. | Towards a SCADA forensics architecture | |
| CN115600218B (en) | Industrial control program risk detection method and system | |
| WO2020246944A1 (en) | Method and system for attack detection in a sensor network of a networked control system | |
| Zhang et al. | A novel data integrity attack detection algorithm based on improved grey relational analysis | |
| US12093027B1 (en) | Recognition method and system for safety behaviors in industrial control system for gas field | |
| Eden et al. | A cyber forensic taxonomy for scada systems in critical infrastructure | |
| Awad et al. | Towards generic memory forensic framework for programmable logic controllers | |
| de Azambuja et al. | Digital Twins in Industry 4.0–Opportunities and challenges related to Cyber Security | |
| Dietz et al. | Employing digital twins for security-by-design system testing | |
| Ghaeini et al. | Zero residual attacks on industrial control systems and stateful countermeasures | |
| Kim et al. | Android malware detection using multivariate time-series technique | |
| CN117675273A (en) | Network scanning behavior detection method and device | |
| Li et al. | Real-time monitoring for detection of adversarial subtle process variations | |
| CN116010951A (en) | Power block chain intelligent contract safety detection method, device, equipment and medium | |
| CN107317811A (en) | A kind of simulation PLC implementation method | |
| Zhu et al. | HoneyJudge: A PLC Honeypot Identification Framework Based on Device Memory Testing | |
| Patel et al. | Estimation of the time for steam generator trip due to cyber intrusions | |
| Zhao et al. | Research on software behavior modeling based on extended finite state automata | |
| Sundaram et al. | Validation of Covert Cognizance Active Defenses | |
| Fovino et al. | Distributed intrusion detection system for SCADA protocols | |
| CN118153049B (en) | Intelligent detection method and system for code security | |
| KR102556463B1 (en) | Social advanced persistent threat prediction system and method based on attacker group similarity | |
| Athalye et al. | Model-based cps attack detection techniques: Strengths and limitations | |
| CN117857157A (en) | Firewall threat detection method and system based on deep learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |