CN115801643B - Protocol analysis function test method and device, terminal equipment and storage medium - Google Patents


Publication number
CN115801643B
Authority
CN
China
Prior art keywords
function
protocol
test
modbus protocol
testing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211333873.5A
Other languages
Chinese (zh)
Other versions
CN115801643A (en
Inventor
赵学全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing 6Cloud Technology Co Ltd
Beijing 6Cloud Information Technology Co Ltd
Original Assignee
Beijing 6Cloud Technology Co Ltd
Beijing 6Cloud Information Technology Co Ltd
Application filed by Beijing 6Cloud Technology Co Ltd, Beijing 6Cloud Information Technology Co Ltd
Priority to CN202211333873.5A
Publication of CN115801643A
Application granted
Publication of CN115801643B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The application discloses a method, a device, a terminal device and a storage medium for testing a protocol analysis function. The method comprises the following steps: acquiring communication data of a communication environment of a preset industrial protocol; carrying out deep analysis on the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a test result. By analyzing the communication data of the Modbus communication environment, generalizing the functional rule to create a Modbus protocol testing tool, and testing the Modbus protocol analysis function of the security gateway with that tool, a comprehensive test result can be obtained. This solves the problem that few testing means are available for the security gateway in the Modbus protocol testing stage, and improves the testing accuracy and the security of the Modbus communication environment.

Description

Protocol analysis function test method and device, terminal equipment and storage medium
Technical Field
The present application relates to the field of testing technologies of protocol analysis functions, and in particular, to a method, an apparatus, a terminal device, and a storage medium for testing a protocol analysis function.
Background
In an industrial field environment, industrial instrumentation of a plant is monitored using an industrial control system to achieve informative control of the plant. In order to control instruments, both parties need industrial protocols to realize communication. The Modbus protocol has the advantages of being open, simple, quick, easy to encode and the like, so that the Modbus protocol becomes an industry standard of a communication protocol in the industrial field and is the most common connection mode between industrial electronic equipment.
At present, the validity of a security gateway's Modbus protocol analysis function is generally tested by using a protocol simulator to configure a client-server simulation environment, then deploying the security gateway into the network, and finally testing the protocol analysis function of the security gateway. However, the Modbus protocol simulator has few protocol analysis functions, only supports the test of a few functions such as reading and writing, and cannot accurately test the protocol analysis capability of the security gateway. As a result, testing of the security gateway's Modbus protocol parsing function has stalled.
Disclosure of Invention
The application mainly aims to provide a method, a device, terminal equipment and a storage medium for testing a protocol analysis function, so as to solve the problem that few test means are available for a security gateway in the Modbus protocol test stage, and to improve test accuracy and the security of the Modbus communication environment.
In order to achieve the above object, the present application provides a method for testing a protocol parsing function, the method for testing a protocol parsing function comprising:
acquiring communication data of a communication environment of a preset industrial protocol;
analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data;
creating a protocol test tool based on the functional rule;
and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result.
Optionally, the protocol analysis function includes a public function and a traversal scanning function, and the step of testing the protocol analysis function of the security gateway by the protocol testing tool to obtain a test result includes:
based on the public function, initiating a test request to a preset protocol controller through the protocol test tool;
and based on the traversing scanning function, identifying the test request through the security gateway to obtain the test result.
Optionally, the protocol parsing function further includes a private function, and the step of identifying the test request through the security gateway to obtain the test result includes:
judging whether the security gateway successfully analyzes the test request or not based on the private function;
if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged;
and if the test request is consistent with the analysis result, the protocol analysis function is perfect.
Optionally, the protocol parsing function further includes an unused function, and after the step of determining whether the security gateway successfully parses the test request based on the private function, the method further includes:
and if the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, acquiring other protocol analysis functions through the unused function.
Optionally, the step of analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data includes:
carrying out deep analysis on the communication data to obtain a key frame and a function code corresponding to the key frame;
and summarizing the key frames and the function codes to obtain the function rule.
Optionally, the step of creating a protocol test tool based on the functional rule includes:
based on a preset browser and server structure, constructing and obtaining an initial protocol testing tool;
and based on the initial protocol testing tool and the function rule, performing coding reconstruction on each function of the industrial protocol to obtain the protocol testing tool.
Optionally, the step of acquiring communication data of a communication environment of a preset industrial protocol includes:
and acquiring the communication data through a preset flow grabbing tool.
The embodiment of the application also provides a device for testing the protocol analysis function, which comprises:
the acquisition module is used for acquiring communication data of a communication environment of a preset industrial protocol;
the analysis module is used for analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data;
the creation module is used for creating a protocol test tool based on the functional rule;
and the test module is used for testing the protocol analysis function of the security gateway through the protocol test tool to obtain a test result.
The embodiment of the application also provides a terminal device, which comprises a memory, a processor and a protocol analysis function test program stored on the memory and capable of running on the processor, wherein the protocol analysis function test program is executed by the processor to realize the steps of the protocol analysis function test method.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a test program of the protocol analysis function, and the test program of the protocol analysis function realizes the steps of the test method of the protocol analysis function when being executed by a processor.
The method, the device, the terminal equipment and the storage medium for testing the protocol analysis function provided by the embodiment of the application acquire the communication data of the communication environment of the preset industrial protocol; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. The method is characterized in that communication data of the Modbus communication environment is analyzed, a function rule is generalized to create a Modbus protocol testing tool, the Modbus protocol analysis function of the security gateway is tested through the protocol testing tool, a comprehensive testing result can be obtained, the problem that the security gateway has few testing means in a testing stage of the Modbus protocol is solved, and testing accuracy and safety of the Modbus communication environment are improved. Based on the scheme of the application, starting from the problem of lacking a test protocol analysis function in a Modbus communication environment in an industrial environment, a test tool for the Modbus protocol analysis depth of an industrial security gateway is provided, the validity of the test method of the protocol analysis function provided by the application is verified on the test tool, and finally the security and the accuracy of the security gateway protocol analysis function tested by the method are obviously improved.
Drawings
FIG. 1 is a schematic diagram of functional modules of a terminal device to which a test device for protocol analysis function of the present application belongs;
FIG. 2 is a flow chart of a first exemplary embodiment of a method for testing a protocol parsing function according to the present application;
FIG. 3 is a schematic diagram of an industrial simulation environment involved in a testing method of the protocol parsing function of the present application;
FIG. 4 is a flow chart of a second exemplary embodiment of a method for testing a protocol resolution function according to the present application;
FIG. 5 is a configuration diagram of a protocol simulator according to the method for testing a protocol parsing function of the present application;
FIG. 6 is a schematic diagram illustrating communication of a protocol simulator according to the method for testing a protocol parsing function of the present application;
FIG. 7 is a real interactive environment test chart related to the test method of the protocol parsing function of the present application;
FIG. 8 is a flow chart of a third exemplary embodiment of a method for testing a protocol resolution function according to the present application;
FIG. 9 is a flowchart of a fourth exemplary embodiment of a method for testing a protocol resolution function according to the present application;
fig. 10 is a schematic diagram of a protocol rule related to a test method of a protocol parsing function according to the present application;
FIG. 11 is a flowchart of a fifth exemplary embodiment of a method for testing a protocol resolution function according to the present application;
FIG. 12 is a diagram of a sixth exemplary embodiment of a testing method for protocol resolution according to the present application;
fig. 13 is a schematic diagram of a seventh exemplary embodiment of a testing method of a protocol parsing function according to the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The main solutions of the embodiments of the present application are: acquiring communication data of a communication environment of a preset industrial protocol; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. The method is characterized in that communication data of the Modbus communication environment is analyzed, a function rule is generalized to create a Modbus protocol testing tool, the Modbus protocol analysis function of the security gateway is tested through the protocol testing tool, a comprehensive testing result can be obtained, the problem that the security gateway has few testing means in a testing stage of the Modbus protocol is solved, and testing accuracy and safety of the Modbus communication environment are improved. Based on the scheme of the application, starting from the problem of lacking a test protocol analysis function in a Modbus communication environment in an industrial environment, a test tool for the Modbus protocol analysis depth of an industrial security gateway is provided, the validity of the test method of the protocol analysis function provided by the application is verified on the test tool, and finally the security and the accuracy of the security gateway protocol analysis function tested by the method are obviously improved.
The embodiment of the application considers that, in an industrial field environment, an industrial control system is used to monitor the industrial instruments of a factory so as to realize informationized control of the factory. In order to control instruments, both parties need industrial protocols to communicate. An industrial protocol is an industrial control system communication protocol, for example: the Schneider Modbus protocol, the Siemens S7 protocol, the Rockwell CIP protocol, OPC DA, OPC UA, and the like. Among them, the Modbus protocol was published in 1979 by Modicon (Schneider Electric) for communication using programmable logic controllers (PLCs). The Modbus protocol has the advantages of being open, simple, quick, easy to encode and the like, so that it has become an industry standard communication protocol in the industrial field and is the most common connection mode between industrial electronic equipment. The Modbus protocol also has a serious drawback: it transmits data in plaintext. In environments where no effective security policy is deployed, this defect can be exploited maliciously, which may cause problems such as industrial control system service termination and data tampering or loss. To protect industrial control network security, security gateways have emerged. The protocol analysis function in the security gateway can perform deep recognition, detection and other processing on the Modbus protocol, so that illegal control instructions cannot reach industrial control equipment and malicious control attacks are prevented. However, the Modbus protocol analysis function of the security gateway is not permanent: once the function fails or its identification is inaccurate, the industrial control network faces a huge security threat, which may even damage the interests of the factory and endanger personal safety.
Therefore, starting from the lack of means for testing the protocol analysis function in the Modbus communication environment of industrial settings, the embodiment of the application deeply analyzes the Modbus protocol and provides comprehensive protocol test functions, yielding a test tool for the Modbus protocol analysis depth of the industrial security gateway. This addresses the problems of few test means and of test accuracy for the security gateway in the Modbus protocol test stage, and improves the security of the Modbus communication environment.
Specifically, referring to fig. 1, fig. 1 is a schematic functional block diagram of a terminal device to which a testing apparatus for a protocol analysis function of the present application belongs. The protocol analysis function test device may be a device independent of the terminal device and capable of performing a protocol analysis function test, and may be carried on the terminal device in a form of hardware or software. The terminal equipment can be an intelligent mobile terminal with a data processing function such as a mobile phone and a tablet personal computer, and can also be a fixed terminal equipment or a server with a data processing function.
In this embodiment, the terminal device to which the test device for the protocol analysis function belongs at least includes an output module 110, a processor 120, a memory 130 and a communication module 140.
The memory 130 stores an operating system and a test program of a protocol analysis function, and the test device of the protocol analysis function can obtain communication data of a communication environment of a preset industrial protocol; performing deep analysis on the communication data to obtain a functional rule of an industrial protocol corresponding to the communication data; based on the functional rule, a protocol test tool is created; the protocol analysis function of the security gateway is tested by the protocol test tool, and the obtained information such as test results is stored in the memory 130; the output module 110 may be a display screen or the like. The communication module 140 may include a WIFI module, a mobile communication module, a bluetooth module, and the like, and communicates with an external device or a server through the communication module 140.
Wherein, the test program of the protocol parsing function in the memory 130 realizes the following steps when being executed by the processor:
acquiring communication data of a communication environment of a preset industrial protocol;
analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data;
creating a protocol test tool based on the functional rule;
and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
based on the public function, initiating a test request to a preset protocol controller through the protocol test tool;
and based on the traversing scanning function, identifying the test request through the security gateway to obtain the test result.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
judging whether the security gateway successfully analyzes the test request or not based on the private function;
if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged;
and if the test request is consistent with the analysis result, the protocol analysis function is perfect.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
and if the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, acquiring other protocol analysis functions through the unused function.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
carrying out deep analysis on the communication data to obtain a key frame and a function code corresponding to the key frame;
and summarizing the key frames and the function codes to obtain the function rule.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
based on a preset browser and server structure, constructing and obtaining an initial protocol testing tool;
and based on the initial protocol testing tool and the function rule, performing coding reconstruction on each function of the industrial protocol to obtain the protocol testing tool.
Further, the test program of the protocol parsing function in the memory 130 when executed by the processor also implements the following steps:
and acquiring the communication data through a preset flow grabbing tool.
According to the scheme, the communication data of the communication environment of the preset industrial protocol are obtained; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. The method is characterized in that communication data of the Modbus communication environment is analyzed, a function rule is generalized to create a Modbus protocol testing tool, the Modbus protocol analysis function of the security gateway is tested through the protocol testing tool, a comprehensive testing result can be obtained, the problem that the security gateway has few testing means in a testing stage of the Modbus protocol is solved, and testing accuracy and safety of the Modbus communication environment are improved. Based on the scheme of the application, starting from the problem of lacking a test protocol analysis function in a Modbus communication environment in an industrial environment, a test tool for the Modbus protocol analysis depth of an industrial security gateway is provided, the validity of the test method of the protocol analysis function provided by the application is verified on the test tool, and finally the security and the accuracy of the security gateway protocol analysis function tested by the method are obviously improved.
The method embodiment of the application is proposed based on the above-mentioned terminal equipment architecture but not limited to the above-mentioned architecture.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first exemplary embodiment of a testing method for a protocol parsing function according to the present application. The test method of the protocol analysis function comprises the following steps:
step S210, obtaining communication data of a communication environment of a preset industrial protocol;
Specifically, industrial protocols include, but are not limited to: the Schneider Modbus protocol (Modbus TCP protocol), the Siemens S7 protocol, the Rockwell CIP protocol, OPC DA, OPC UA, and the like. The embodiment of the application takes the Schneider Modbus protocol as the preferred example.
More specifically, a simple and efficient tool for comprehensively testing the validity of Modbus protocol analysis in industrial security gateway products is currently lacking. The essential difference between the industrial security gateway and the traditional security gateway is that the industrial security gateway needs to identify, detect, deeply parse and process more industrial protocols. Security gateway products include industrial firewalls, industrial audit products, and the like. In this context, a test tool for the Modbus protocol parsing depth of an industrial security gateway is proposed.
First, an industrial simulation environment is built. As shown in fig. 3, which is a schematic view of the industrial simulation environment involved in the test method of the protocol analysis function according to the present application, the environment consists of: monitoring software, programming software, switches, a Modicon M580 (programmable logic controller) and industrial instrumentation.
Then, the specific steps of obtaining the Modbus communication data may include: deploying a flow grabbing tool on the host computer and using it to capture the Modbus protocol data flow, including but not limited to the Modbus communication data between the industrial control device and the monitoring software and between the industrial control device and the programming software.
Step S220, analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data;
Specifically, fig. 5 is a schematic diagram of a data structure related to the testing method of the protocol parsing function according to the present application. The captured data is interpreted and parsed, and protocol rules are induced from the analysis result as follows: the 8th byte of the frame is the function code (Function), the bytes from the 9th onward are the data (Data), and so on. Different values of the key frames represent different functions. For example, 0x010101 indicates reading the value of the 1-bit register from address 1. In this way, the different data structures are summarized and the functional rule is obtained.
Step S230, creating a protocol test tool based on the functional rule;
specifically, a Modbus protocol test tool is constructed: and performing coding reconstruction on the Modbus protocol for multiple times according to different functions by using a Python tool to form a set of highly automatic, extensible, complete and quick Modbus protocol testing tool. Modbus function simulation tests may be performed including, but not limited to: public function test, private function test, unused protocol function test, and protocol total traversal test.
Step S240, testing the protocol analysis function of the security gateway by the protocol testing tool, so as to obtain a test result.
Specifically, a specific function instruction is sent out from the tool to check whether the security gateway supports a corresponding protocol, so that the security gateway protocol analysis validity is tested. For example, test the functionality: and testing the Modbus protocol analysis function of the security gateway by using a Modbus protocol testing tool to obtain a corresponding result. And finally, the whole technical level of the security gateway is improved, and the network security of the industrial site is protected.
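Steps S210 to S240 reduced to their core, as an added example that is not code from the patent or its tool: requests are built with the function code at the 8th byte and the data from the 9th byte, a traversal sends one request per function code, and each request is compared with what the gateway reports having parsed. The gateway record format, the `sample_gateway` stand-in and the traversal range 1 to 127 are assumptions made for illustration.

```python
import struct

# MBAP header of Modbus TCP: transaction id, protocol id, length, unit id.
# With this 7-byte header the function code is the 8th byte of the frame and
# the data starts at the 9th byte, matching the rule induced in step S220.
MBAP = struct.Struct(">HHHB")


def build_request(transaction_id, unit_id, function_code, data):
    """Build one Modbus TCP request frame."""
    pdu = bytes([function_code]) + data
    # The length field counts everything after itself: unit id plus PDU.
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_request(transaction_id, unit_id, function_code, address, quantity):
    """Read-style request: bytes 9-10 carry the address, bytes 11-12 the count."""
    return build_request(transaction_id, unit_id, function_code,
                         struct.pack(">HH", address, quantity))


def parse_frame(frame):
    """Reference parser used to decide what the gateway should have seen."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    return {"transaction_id": tid, "unit_id": unit,
            "function_code": frame[7], "data": frame[8:]}


def judge(sent_frame, gateway_record):
    """Apply the consistency check to one test request.

    gateway_record is what the gateway under test reported for the frame,
    in a hypothetical dict format, or None if it could not parse the frame.
    """
    expected = parse_frame(sent_frame)
    if gateway_record is None:
        return "not_parsed"
    for key in ("function_code", "data"):
        if gateway_record.get(key) != expected[key]:
            return "inconsistent"
    return "consistent"


def traversal_report(gateway, unit_id=1):
    """Traversal scan: one request per function code, verdicts tallied.

    The range 1..127 is an assumption taken from the Modbus specification,
    where codes from 128 upward are used for exception responses.
    """
    report = {"consistent": [], "inconsistent": [], "not_parsed": []}
    for tid, code in enumerate(range(1, 128), start=1):
        frame = read_request(tid, unit_id, code, address=2, quantity=1)
        report[judge(frame, gateway(frame))].append(code)
    return report


def sample_gateway(frame):
    """Constructed stand-in for a gateway's parse log, not a real product.

    It parses 0x01 and 0x03 correctly, drops half of the data for 0x05,
    and reports nothing for every other function code.
    """
    code = frame[7]
    if code in (0x01, 0x03):
        return {"function_code": code, "data": frame[8:]}
    if code == 0x05:
        return {"function_code": code, "data": frame[8:10]}
    return None


if __name__ == "__main__":
    print(read_request(1, 1, 0x01, address=2, quantity=8).hex())
    result = traversal_report(sample_gateway)
    for verdict, codes in result.items():
        print(verdict, len(codes), [hex(c) for c in codes[:5]])
```

In a real bench the `gateway` callable would send the frame through the device under test towards the PLC and read back the gateway's parse log; only that function changes.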
It should be noted that, in the embodiment of the application, the protocol testing tool adopts a modularized design, has strong expansibility, and can incorporate newly discovered functions at any time; the industrial protocol testing breadth of the protocol testing tool is improved by at least 100%, the depth by at least 40%, and the testing efficiency by 20%. Moreover, because the protocol testing tool is formed from deep analysis of the protocol and communicates with a real PLC, it can provide a real testing environment for the security gateway, that is, the testing environment provided by the protocol testing tool is more credible. In addition, the protocol test tool analyzes the Modbus protocol comprehensively and deeply and provides comprehensive protocol test functions, covering not only part of the public functions but also the core private functions.
According to the scheme, the communication data of the communication environment of the preset industrial protocol are obtained; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. The method is characterized in that communication data of the Modbus communication environment is analyzed, a function rule is generalized to create a Modbus protocol testing tool, the Modbus protocol analysis function of the security gateway is tested through the protocol testing tool, a comprehensive testing result can be obtained, the problem that the security gateway has few testing means in a testing stage of the Modbus protocol is solved, and testing accuracy and safety of the Modbus communication environment are improved.
Referring to fig. 4, fig. 4 is a flowchart illustrating a second exemplary embodiment of a testing method for a protocol parsing function according to the present application. Based on the embodiment shown in fig. 2, the protocol parsing function includes a public function and a traversal scanning function, and step S240, the step of testing the protocol parsing function of the security gateway by the protocol testing tool to obtain a test result includes:
Step S410, based on the public function, initiating a test request to a preset protocol controller through the protocol test tool;
Specifically, the protocol test tool is first connected to the relevant Modicon controller (models M580, M340 and the like). The security gateway is then connected between the tool and the industrial controller, a Modbus protocol analysis strategy is deployed, and testing of the protocol analysis effectiveness begins. Next, a public function in the Modbus protocol test tool is used to initiate a test request, for example by sending a designated function or changing the address-field and value-field parameters of the function, and it is checked whether the security gateway identifies and parses the request. Public function scanning tests all public functions of Modbus and tests the breadth and depth of the security gateway's analysis capability for the protocol. Public function resolution test: the public functions used for communication between the industrial controller and the monitoring software are the published functions of Modbus, comprising 13 publicly known public functions as shown in table 1 below. Various data points, such as discrete quantities and analog quantities, are established in the monitoring software to form a typical industrial field communication environment. Deep analysis shows that 0x01 is read coil, 0x02 is read discrete input, 0x03 is read holding register, and so on, so that the protocol test tool supports deep tests of these 13 common (public) function codes. Taking 0x05 (write single coil) as an example, the tool supports adjusting and testing the Function code, Reference Number and Data at any time; the meanings of these parameters are, respectively: the specific function, the starting point of processing, and the result of processing.
Table 1 common functions
It should be noted that the current way of checking the validity of a security gateway's Modbus protocol parsing function generally uses a protocol simulator to configure a client-server simulation environment. Fig. 5 is a configuration diagram of a protocol simulator related to the test method of the protocol parsing function of the present application. The protocol simulator is used to configure the client-server simulation environment, the security gateway is then deployed into the network, and finally the parsing function of the security gateway is tested. However, the protocol simulator supports very few protocol functions, so it supports tests of only a few functions such as reading and writing, and the protocol parsing capability of the security gateway cannot be tested comprehensively. Moreover, because the functions are tested in a simulated environment, the test results are not strongly persuasive. As a result, testing of the security gateway's Modbus protocol parsing function has stalled.
More specifically, the existing test methods are summarized as follows:
Deploy the policy: deploy a Modbus protocol parsing policy on the security gateway.
Configure the environment: start a Modbus protocol simulator, configure a client-server (simulator-PLC) pair to simulate a master-slave environment, and deploy the security gateway in the communication network between them.
Test the function: the simulator initiates the corresponding function requests. Taking the 0x01 read function as an example, the simulator issues a Read command in which the 8th byte of the data frame, 0x01, denotes Read Coils, the 9th and 10th bytes indicate that reading starts from address 2, and the 11th and 12th bytes give the number of items to read. After the data passes through the security gateway, a deep parsing rule is triggered, and the parsing result is checked to see whether it matches the instruction. The simulator supports only a few functions, neither all 13 public functions (functions disclosed by the Modbus protocol) nor the private functions (functions that are used but not disclosed).
Because the first method is not sufficiently reliable, the second test method restores the real industrial field network communication environment: the security gateway captures the network traffic in real time, performs deep parsing of the Modbus protocol, and the parsing results are finally checked for consistency.
The second method tests in a reliable environment, but compared with the simulator it is seriously deficient in the breadth and depth of testing it supports: the data flow of an industrial site is relatively stable, so not all functions occur, and testing this way is less efficient.
Fig. 6 is a schematic communication diagram of a protocol simulator related to the test method of the protocol parsing function of the present application. The Modbus protocol simulators in common use today support few protocol functions, offering only read and write functions such as function codes 0x01, 0x02, 0x03 and 0x04. Modbus protocol functions are hierarchical: a primary function may contain secondary sub-functions, which may in turn contain tertiary sub-functions, and so on. The Modbus protocol comprises 127 primary functions (byte 8 of the data frame), of which 13 are disclosed public functions and 3 are disclosed private functions, and there are a number of unused functions. Furthermore, most primary functions in the protocol also contain a large number of secondary functions (bytes 9 and 10 of the data frame), for example under the private function 0x5a, and such functions are not supported by the simulator. In short, the simulator covers less than 5% of the breadth and depth of the protocol's functions.
Fig. 7 is a test diagram of a real interactive environment related to the test method of the protocol parsing function of the present application. This method tests the functions of the security gateway in a real industrial field environment. It differs from the first method in both breadth and depth. The reason is that in an industrial field environment more than 90% of the traffic consists of data read and write operations between the monitoring software and the PLC, so only common functions (0x01, 0x02, 0x03, etc.) appear. Private functions and the other public functions either do not appear in the network or do not appear for long periods. This environment therefore supports testing the security gateway against only a few common functions. In addition, in a real industrial environment the content of the data communication is fixed and the data structure cannot be modified in real time; that is, parameters such as the address field and value field cannot be modified and tested on demand. Functional testing is thus severely limited: after the security gateway is deployed in such an environment, its Modbus protocol parsing function cannot be tested effectively. When the real environment is used for functional testing, the network environment is simple, and less than 4% of the breadth and depth of the Modbus protocol is tested.
Step S420, based on the traverse scanning function, identifies the test request through the security gateway, and obtains the test result.
Specifically, with the traversal scan function, all functions can be issued directly to quickly test the parsing capability of the security gateway. In the traversal scan test, the requests are sent to the PLC through the security gateway and the gateway's parsing results are checked, which speeds up functional testing.
According to the scheme, the protocol testing tool initiates a testing request to a preset protocol controller based on the public function; and based on the traversing scanning function, identifying the test request through the security gateway to obtain the test result. The protocol testing tool initiates a testing request through a public function; by traversing the scanning function, the efficiency of functional testing can be increased.
Referring to fig. 8, fig. 8 is a flowchart illustrating a third exemplary embodiment of a method for testing a protocol parsing function according to the present application. Based on the embodiment shown in fig. 4, the protocol parsing function further includes a private function and an unused function, and step S420, the security gateway is used to identify the test request, so as to obtain the test result, which includes:
Step S810, based on the private function, judging whether the security gateway successfully analyzes the test request;
Specifically, based on the private function of the protocol test tool, it is judged whether the security gateway successfully parses the test request. Private function scanning tests the functions of Modbus other than the public functions and thereby tests the breadth and depth of the security gateway's parsing of the protocol. For example, in the private function parsing test, the functions used for communication between the PLC and the programming software are private functions, and the Modbus protocol includes 4 main private codes. The most important of these is 0x5a (a primary function code), which engineers use to debug Modicon PLCs and which in turn contains a number of secondary function codes, for example for controlling the PLC to start, stop and reset, monitoring variables, downloading programs and uploading programs. Reverse engineering yields the specific meanings of the address field and value field of the corresponding function. For example, when the programming software issues a "start PLC" instruction, the function code used uniformly by programming and debugging instructions is 0x5a (primary function code). When the PLC is required to stop working, the primary function code is immediately followed by 0x41 (secondary function code), and once this function is triggered the PLC stops working. Likewise, for "program to PLC", the private code 0x5a is used, and when the secondary function code is 0x30 the program is issued to the PLC. By continually adjusting the parameters of the secondary function code and summarizing the communication relationship between the PLC and the programming software, the tool supports tests of 32 sub-functions.
Step S820, if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged;
Specifically, the test request includes, but is not limited to, a function code, an address field and a value field. The security gateway parses one or more of the function code, address field and value field of the test request. If parsing succeeds, a parsing result is obtained, but this alone does not establish that the values other than the one just parsed are consistent, so it must further be judged whether the address field and value field are consistent. For example, the security gateway parses the function code of the test request and, if that succeeds, it is further judged whether the address field and value field of the test request are consistent with those in the parsing result.
Further, step S821, if the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, acquiring other protocol analysis functions through the unused function;
Specifically, when the security gateway cannot parse the function code of the test request, that is, cannot identify one or more of the current function code, address field and value field, unused function scanning is applied: it tests functions that have not been discovered and are not in use, in order to find out whether the security gateway's deep parsing deviates. The deep parsing function for the protocol, and the protocol test tool, therefore need to be improved to support Modbus protocol parsing. The unused function parsing test checks whether any function is missing from the security gateway's deep protocol parsing. It should be noted that functions of the Modbus protocol that are neither public nor private are tested as unused functions.
Step S830, if the test request is consistent with the analysis result, the protocol analysis function is complete.
Specifically, if the request sent by the protocol testing tool is consistent with the analysis result of the security gateway, the current function code, address field and value field can be accurately identified, which indicates that the security gateway has perfect function and does not need improvement.
Further, in step S831, if the test request is inconsistent with the analysis result, other protocol analysis functions are obtained through the unused function.
Specifically, the parsing result is inaccurate: if, for a request sent by the protocol testing tool, the security gateway can identify the function code but cannot identify the deeper address field and value field, it has not parsed the request completely, which indicates that the gateway's deep protocol parsing function still needs to be improved to support deeper parsing. Unused function scanning tests functions that have not been discovered and are not in use, in order to find out whether the security gateway's deep parsing deviates. The unused function parsing test thus checks whether any function is missing from the security gateway's deep protocol parsing.
According to the scheme, whether the security gateway successfully analyzes the test request is judged specifically based on the private function; if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged; if the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, other protocol analysis functions are acquired through the unused function; if the test request is consistent with the analysis result, the protocol analysis function is complete; and if the test request is inconsistent with the analysis result, other protocol analysis functions are acquired through the unused function. Parsing the test request through the private function improves the confidentiality of the Modbus communication environment; obtaining other parsing functions through the unused function addresses the problem of insufficiently comprehensive testing means, supplements functions that have not yet been discovered, and improves the security of the Modbus communication environment.
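The decision flow of steps S810 to S831, combined with the traversal scan of step S420, can be sketched offline as follows. This is an added example, not code from the patent: `sample_gateway` is a constructed stand-in for a gateway's parse output, the set of address/value function codes is an illustrative subset taken from the Modbus specification (the page's Table 1 is not reproduced), and all names are hypothetical.

```python
import struct
from collections import Counter
from dataclasses import dataclass

# Codes whose request PDU is function (1 byte) + address (2) + quantity/value (2).
# Illustrative subset from the Modbus specification, not the page's Table 1.
ADDR_VALUE_FUNCS = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06}
PRIVATE_FUNCS = {0x5A}  # primary private code named on the page


@dataclass(frozen=True)
class Request:
    function: int
    address: int
    value: int  # quantity for reads, data for single writes


def build_frame(req, transaction_id=1, unit_id=1):
    """Encode a Modbus/TCP frame: 7-byte MBAP header, function code at byte 8,
    address at bytes 9-10, quantity/value at bytes 11-12 (1-based)."""
    pdu = struct.pack(">BHH", req.function, req.address, req.value)
    # The MBAP length field counts the unit id plus the PDU.
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def classify(function):
    """Sort a primary function code into the three groups the test tool scans."""
    if function in ADDR_VALUE_FUNCS:
        return "public"
    if function in PRIVATE_FUNCS:
        return "private"
    return "unused"


def verdict(req, parsed):
    """Compare the request that was sent with what the gateway reported.
    'unparsed': nothing reported, or the wrong function code.
    'shallow':  function code right, address/value missing or different.
    'complete': every field that can be checked matches."""
    if parsed is None or parsed.get("function") != req.function:
        return "unparsed"
    if req.function in ADDR_VALUE_FUNCS:
        if (parsed.get("address"), parsed.get("value")) != (req.address, req.value):
            return "shallow"
    return "complete"


def sample_gateway(frame):
    """Constructed stand-in for a gateway: deep rules for 0x01-0x04 only,
    function-code-only rules for 0x05/0x06, nothing for other codes."""
    if len(frame) < 8:
        return None
    _tid, proto, length, _unit, function = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:
        return None  # not a well-formed Modbus/TCP frame
    if function not in ADDR_VALUE_FUNCS:
        return None
    result = {"function": function}
    if function <= 0x04 and len(frame) >= 12:
        result["address"], result["value"] = struct.unpack(">HH", frame[8:12])
    return result


def traversal_scan(gateway, address=1, value=1):
    """Issue every primary function code 1..127 and tally (group, verdict).
    Field values are arbitrary; only their echo through the parser is compared."""
    tally, findings = Counter(), []
    for function in range(1, 128):
        req = Request(function, address, value)
        result = verdict(req, gateway(build_frame(req, transaction_id=function)))
        tally[(classify(function), result)] += 1
        if result != "complete":
            findings.append((function, result))
    return tally, findings


if __name__ == "__main__":
    tally, findings = traversal_scan(sample_gateway)
    for key, count in sorted(tally.items()):
        print(key, count)
```

Against a real gateway, `sample_gateway` would be replaced by a reader of the gateway's own parse log; the `findings` list is then the set of codes whose parsing rules need work.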
Referring to fig. 9, fig. 9 is a flowchart of a fourth exemplary embodiment of a testing method of a protocol parsing function according to the present application. Based on the embodiment shown in fig. 2, step S220 of analyzing the communication data to obtain a functional rule of an industrial protocol corresponding to the communication data includes:
step S910, performing deep parsing on the communication data to obtain a key frame and a function code corresponding to the key frame;
specifically, the captured data is interpreted and deeply parsed to obtain parsed data. And according to the analyzed data, summarizing the protocol function rule.
And step S920, summarizing the key frames and the function codes to obtain the function rule.
Specifically, the key frames and function codes are summarized to obtain the function rule. Fig. 10 is a schematic diagram of a protocol rule related to the test method of the protocol parsing function of the present application. For example, the 8th frame (Function) and the data (Data) from the 9th frame onward are key frames whose different values indicate different functions. If 0x010101 indicates that a 1-bit register is read from address 1, the other function rules are summarized in the same way according to the data structure. The corresponding protocol test tool is then constructed according to the function rules.
According to the scheme, the key frames and the function codes corresponding to the key frames are obtained by carrying out deep analysis on the communication data; and summarizing the key frames and the function codes to obtain the function rule. By summarizing the key frames of the communication data and the corresponding function codes to obtain the function rules, the problem that the safety gateway has few testing means aiming at the testing stage of the Modbus protocol can be solved, and the testing accuracy and the safety of the Modbus communication environment are improved.
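A minimal version of this summarizing step, as an added example that is not part of the patent: it cuts a reassembled TCP payload stream into Modbus/TCP frames using the MBAP length field, then groups them by the function code at byte 8 and by the value of bytes 9-10. The capture bytes are constructed sample data and the function and field names are hypothetical.

```python
import struct

# Constructed capture: three complete requests followed by one truncated frame.
CAPTURE = bytes.fromhex(
    "000100000006010100020008"  # function 0x01, bytes 9-10 = 0x0002
    "000200000006010300100004"  # function 0x03, bytes 9-10 = 0x0010
    "000300000006010100050001"  # function 0x01, bytes 9-10 = 0x0005
    "000400000006010300"        # cut off mid-frame
)


def split_frames(stream):
    """Cut a payload stream into Modbus/TCP frames using the MBAP length
    field; return (frames, leftover bytes that could not be framed)."""
    frames, offset = [], 0
    while offset + 8 <= len(stream):
        _tid, proto, length = struct.unpack_from(">HHH", stream, offset)
        end = offset + 6 + length
        # Protocol id must be 0, and length covers at least unit id + function.
        if proto != 0 or length < 2 or end > len(stream):
            break  # foreign protocol or truncated capture: keep the tail as-is
        frames.append(stream[offset:end])
        offset = end
    return frames, stream[offset:]


def summarize_rules(frames):
    """Per function code (byte 8): how often it was seen, which data lengths
    followed it, and which 16-bit values appeared at bytes 9-10."""
    rules = {}
    for frame in frames:
        function, data = frame[7], frame[8:]
        rule = rules.setdefault(
            function, {"count": 0, "data_lengths": set(), "key_fields": set()}
        )
        rule["count"] += 1
        rule["data_lengths"].add(len(data))
        if len(data) >= 2:
            rule["key_fields"].add(int.from_bytes(data[:2], "big"))
    return rules


if __name__ == "__main__":
    frames, leftover = split_frames(CAPTURE)
    for function, rule in sorted(summarize_rules(frames).items()):
        print(hex(function), rule)
    print("unframed bytes:", len(leftover))
```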
Referring to fig. 11, fig. 11 is a flowchart of a fifth exemplary embodiment of a testing method of a protocol parsing function according to the present application. Based on the embodiment shown in fig. 2, step S230, creating a protocol testing tool based on the functional rule includes:
step S1110, constructing and obtaining an initial protocol testing tool based on a preset browser and server structure;
step S1120, based on the initial protocol testing tool and the function rule, performing encoding reconstruction for each function of the industrial protocol to obtain the protocol testing tool.
Specifically, the browser and server structure is used to construct an initial protocol testing tool, so that the protocol testing tool can establish communication with the industrial controller in real time to test the security gateway. In this embodiment, the browser and server structure is preferably the B/S architecture.
The specific steps for constructing the Modbus protocol test tool may be as follows: create an initial protocol testing tool based on the B/S structure; then use Python to re-encode the Modbus protocol function by function, over multiple iterations, to form a highly automated, extensible, complete and fast Modbus protocol testing tool. Modbus function simulation tests can then be performed, including but not limited to: public function tests, private function tests, unused protocol function tests, and protocol traversal scan tests.
According to the scheme, the initial protocol testing tool is constructed and obtained based on a preset browser and server structure; and based on the initial protocol testing tool and the function rule, performing coding reconstruction on each function of the industrial protocol to obtain the protocol testing tool. The protocol testing tool can establish communication with the industrial controller in real time and test the security gateway based on the browser and server structure, so that the convenience of protocol function testing is improved; by carrying out coding reconstruction on each function, the problem of few testing means in the testing stage of the security gateway aiming at the Modbus protocol can be solved.
Referring to fig. 12, fig. 12 is a flowchart of a sixth exemplary embodiment of a testing method of a protocol parsing function according to the present application. Based on the embodiment shown in fig. 2, step S210, obtaining communication data of a communication environment of a preset industrial protocol includes:
step S1210, obtaining the communication data through a preset flow grabbing tool.
Specifically, the flow grabbing (traffic capture) tool is used to obtain communication data from the communication environment of the preset industrial protocol; such tools include, but are not limited to, Wireshark, tcptrace, QPA, tstat, CapAnalysis and Xplico, and Wireshark is preferred in this embodiment of the application.
As shown in fig. 3, the industrial simulation environment specifically comprises an upper computer configured with configuration king (monitoring software) and programming software (Unity Pro XL), a switch, a programmable logic controller (Modicon M580), and industrial instruments and meters, which together form a small industrial control Modbus communication environment.
Then, in the Modbus communication environment, the specific steps for obtaining the Modbus communication data may include: deploying the flow grabbing tool on the upper computer and using it to capture Modbus protocol traffic, including but not limited to Modbus communication data between the industrial control device and the monitoring software and between the industrial control device and the programming software. Wireshark is simple to operate and inexpensive for users to run.
According to the embodiment, through the scheme, the communication data are acquired through a preset flow grabbing tool; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. Communication data of a communication environment of a preset industrial protocol is acquired through the flow grabbing tool to acquire a function rule, and a protocol testing tool is created, so that the running cost is reduced, and the operation complexity of protocol function testing is improved.
Referring to fig. 13, fig. 13 is a schematic diagram of a seventh exemplary embodiment of a testing method of a protocol parsing function according to the present application. The protocol test tool can communicate with the Modicon controller (models such as the M580 and M340). The security gateway is connected between the tool and the PLC and a Modbus protocol parsing policy is deployed, so that the validity of protocol parsing can be tested. The Modbus protocol test tool is used to initiate requests, for example sending a specified function or changing the address-field and value-field parameters of the function, and the security gateway is checked to see whether it identifies and parses them.
According to the embodiment of the application, the test efficiency can be obviously improved through a protocol test tool; the protocol tester has high expandability and can access the newly discovered function in an interface mode at any time; in addition, the real equipment interaction environment is completely restored, and the functional test reliability is improved.
In addition, the embodiment of the application also provides a testing device of the protocol analysis function, which comprises:
the acquisition module is used for acquiring communication data of a communication environment of a preset industrial protocol;
the analysis module is used for analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data;
the creation module is used for creating a protocol test tool based on the functional rule;
and the test module is used for testing the protocol analysis function of the security gateway through the protocol test tool to obtain a test result.
For the principle and implementation process of the protocol analysis function test in this embodiment, please refer to the above embodiments; they are not repeated here.
In addition, the embodiment of the application also provides a terminal device, which comprises a memory, a processor and a test program of the protocol analysis function, wherein the test program of the protocol analysis function is stored in the memory and can run on the processor, and the test program of the protocol analysis function realizes the steps of the test method of the protocol analysis function when being executed by the processor.
Because the test program of the protocol analysis function is executed by the processor, all the technical schemes of all the embodiments are adopted, and therefore, the test program at least has all the beneficial effects brought by all the technical schemes of all the embodiments, and the test program is not repeated herein.
In addition, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a test program of the protocol analysis function, and the test program of the protocol analysis function realizes the steps of the test method of the protocol analysis function when being executed by a processor.
Because the test program of the protocol analysis function is executed by the processor, all the technical schemes of all the embodiments are adopted, and therefore, the test program at least has all the beneficial effects brought by all the technical schemes of all the embodiments, and the test program is not repeated herein.
Compared with the prior art, the method, the device, the terminal equipment and the storage medium for testing the protocol analysis function are provided by the embodiment of the application, and the communication data of the communication environment of the preset industrial protocol is obtained; analyzing the communication data to obtain the functional rule of the industrial protocol corresponding to the communication data; creating a protocol test tool based on the functional rule; and testing the protocol analysis function of the security gateway through the protocol testing tool to obtain a testing result. The method is characterized in that communication data of the Modbus communication environment is analyzed, a function rule is generalized to create a Modbus protocol testing tool, the Modbus protocol analysis function of the security gateway is tested through the protocol testing tool, a comprehensive testing result can be obtained, the problem that the security gateway has few testing means in a testing stage of the Modbus protocol is solved, and testing accuracy and safety of the Modbus communication environment are improved. Based on the scheme of the application, starting from the problem of lacking a test protocol analysis function in a Modbus communication environment in an industrial environment, a test tool for the Modbus protocol analysis depth of an industrial security gateway is provided, the validity of the test method of the protocol analysis function provided by the application is verified on the test tool, and finally the security and the accuracy of the security gateway protocol analysis function tested by the method are obviously improved.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a controlled terminal, or a network device, etc.) to perform the method of each embodiment of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (7)

1. The test method of the Modbus protocol analysis function is characterized by comprising the following steps of:
acquiring communication data of a communication environment of a preset industrial Modbus protocol;
analyzing the communication data to obtain the function rule of the industrial Modbus protocol corresponding to the communication data;
creating a Modbus protocol test tool based on the function rule and a preset browser and server structure;
testing the Modbus protocol analysis function of the security gateway through the Modbus protocol testing tool to obtain a testing result;
the Modbus protocol analysis function comprises a public function and a traversal scanning function, and the Modbus protocol analysis function of the security gateway is tested by the Modbus protocol testing tool, so that the step of obtaining a test result comprises the following steps:
Based on the public function, initiating a test request to a preset Modbus protocol controller through the Modbus protocol test tool, wherein the test request is used for debugging the Modbus protocol controller;
based on the traversal scanning function, the security gateway is used for identifying the test request to obtain the test result;
the Modbus protocol analysis function further comprises a private function, the private function is integrated with a plurality of primary function codes and a plurality of secondary function codes of the industrial Modbus protocol in advance according to a preset reverse technology, the test request is identified through the security gateway, and the step of obtaining the test result comprises the following steps:
testing the plurality of primary function codes and the plurality of secondary function codes through the private function, and judging whether the security gateway successfully analyzes the test request;
if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged;
if the test request is consistent with the analysis result, the Modbus protocol analysis function is perfect;
If the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, other Modbus protocol analysis functions are acquired through unused functions.
2. The method for testing a Modbus protocol parsing function according to claim 1, wherein the step of parsing the communication data to obtain the functional rules of the industrial Modbus protocol corresponding to the communication data includes:
carrying out deep analysis on the communication data to obtain a key frame and a function code corresponding to the key frame;
and summarizing the key frames and the function codes to obtain the function rule.
3. The method for testing a Modbus protocol parsing function according to claim 1, wherein the step of creating a Modbus protocol testing tool based on the functional rules and a preset browser and server structure comprises:
constructing and obtaining an initial Modbus protocol test tool based on the browser and server structure;
and based on the initial Modbus protocol testing tool and the function rule, performing coding reconstruction on each function of the industrial Modbus protocol to obtain the Modbus protocol testing tool.
4. The method for testing a Modbus protocol parsing function according to claim 1, wherein the step of obtaining communication data of a communication environment of a preset industrial Modbus protocol comprises:
and acquiring the communication data through a preset flow grabbing tool.
5. The device for testing the Modbus protocol analysis function is characterized by comprising the following components:
the acquisition module is used for acquiring communication data of a communication environment of a preset industrial Modbus protocol;
the analysis module is used for analyzing the communication data to obtain the function rule of the industrial Modbus protocol corresponding to the communication data;
the creation module is used for creating a Modbus protocol test tool based on the functional rule and a preset browser and server structure;
the test module is used for testing the Modbus protocol analysis function of the security gateway through the Modbus protocol test tool to obtain a test result;
wherein the Modbus protocol parsing function comprises a public function and a traversal scanning function,
the test module is further configured to initiate a test request to a preset Modbus protocol controller through the Modbus protocol test tool based on the public function, where the test request is used for debugging the Modbus protocol controller; based on the traversal scanning function, the security gateway is used for identifying the test request to obtain the test result;
Wherein the Modbus protocol analysis function also comprises a private function, the private function is pre-integrated with a plurality of primary function codes and a plurality of secondary function codes of the industrial Modbus protocol according to a preset reverse technology,
the test module is further configured to test the plurality of primary function codes and the plurality of secondary function codes through the private function, and determine whether the security gateway successfully analyzes the test request; if the security gateway successfully analyzes the test request, an analysis result is obtained, and whether the test request is consistent with the analysis result is judged; if the test request is consistent with the analysis result, the Modbus protocol analysis function is perfect; if the security gateway cannot analyze the test request or the test request is inconsistent with the analysis result, other Modbus protocol analysis functions are acquired through unused functions.
6. A terminal device, characterized in that the terminal device comprises a memory, a processor and a test program of a Modbus protocol parsing function stored on the memory and executable on the processor, which test program of the Modbus protocol parsing function, when executed by the processor, implements the steps of the test method of the Modbus protocol parsing function according to any of claims 1-4.
7. A computer readable storage medium, wherein a test program of a Modbus protocol parsing function is stored on the computer readable storage medium, and the test program of the Modbus protocol parsing function, when executed by a processor, implements the steps of the test method of the Modbus protocol parsing function as set forth in any one of claims 1-4.
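The check that the test module performs (does the gateway parse the request, and does the parse result match what was sent) can be sketched as follows. This is an added Python example, not code from the patent. It assumes the claim's primary and secondary function codes correspond to Modbus function and sub-function codes; the case list, `reference_parse` and `primary_only_gateway` are constructed stand-ins for a real gateway's parse log.

```python
import struct

SUB_WIDTH = {0x08: 2, 0x2B: 1}  # primaries that carry a secondary code, and its size in bytes

# Constructed test cases: (primary function code, secondary code or None, remaining data)
CASES = [
    (0x03, None, struct.pack(">HH", 0x0000, 0x0002)),  # Read Holding Registers
    (0x06, None, struct.pack(">HH", 0x0010, 0x00FF)),  # Write Single Register
    (0x08, 0x0000, b"\xab\xcd"),                       # Diagnostics / Return Query Data
    (0x2B, 0x0E, b"\x01\x00"),                         # MEI / Read Device Identification
]

def build_request(tid, unit, fc, sub, data):
    """Encode one Modbus/TCP request: MBAP header followed by the PDU."""
    pdu = bytes([fc])
    if sub is not None:
        pdu += sub.to_bytes(SUB_WIDTH[fc], "big")
    pdu += data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def reference_parse(frame):
    """Decode a frame into the fields a gateway log would report; None if malformed."""
    if len(frame) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    fc, width = frame[7], SUB_WIDTH.get(frame[7], 0)
    if len(frame) < 8 + width:
        return None
    sub = int.from_bytes(frame[8:8 + width], "big") if width else None
    return {"tid": tid, "unit": unit, "fc": fc, "sub": sub}

def run_suite(gateway_parse, unit=1):
    """Send every case through gateway_parse and compare its result with the request."""
    verdicts = {}
    for tid, (fc, sub, data) in enumerate(CASES, start=1):
        sent = {"tid": tid, "unit": unit, "fc": fc, "sub": sub}
        parsed = gateway_parse(build_request(tid, unit, fc, sub, data))
        if parsed is None:
            verdicts[(fc, sub)] = "unparsed"
        else:
            verdicts[(fc, sub)] = "consistent" if parsed == sent else "inconsistent"
    return verdicts

def primary_only_gateway(frame):
    """Constructed stand-in for a gateway that ignores secondary function codes."""
    parsed = reference_parse(frame)
    return parsed and {**parsed, "sub": None}
```

A gateway that decodes only the primary code passes the 0x03 and 0x06 cases and is flagged "inconsistent" on 0x08 and 0x2B, which is the gap the private-function test is meant to expose.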
CN202211333873.5A 2022-10-28 2022-10-28 Protocol analysis function test method and device, terminal equipment and storage medium Active CN115801643B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211333873.5A CN115801643B (en) 2022-10-28 2022-10-28 Protocol analysis function test method and device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115801643A CN115801643A (en) 2023-03-14
CN115801643B CN115801643B (en) 2023-09-22

Family

ID=85434249

Country Status (1)

Country Link
CN (1) CN115801643B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027511A (en) * 2016-05-13 2016-10-12 北京工业大学 Protocol isolation method based on deep resolution of Modbus/TCP (Transmission Control Protocol)
CN110618942A (en) * 2019-09-20 2019-12-27 北京天地和兴科技有限公司 Rapid test method for fine-grained control of industrial control protocol
CN111123888A (en) * 2019-12-19 2020-05-08 江苏中天科技软件技术有限公司 Industrial control protocol testing method and system, electronic equipment and storage medium
CN112153079A (en) * 2020-11-18 2020-12-29 福州大学 Reference gateway device and method for industrial internet gateway test
CN113542299A (en) * 2021-07-29 2021-10-22 国家工业信息安全发展研究中心 Industrial internet vulnerability mining method and system based on fuzzy test
CN114338104A (en) * 2021-12-15 2022-04-12 北京六方云信息技术有限公司 Security gateway parsing function verification method, device, equipment and storage medium
CN114978782A (en) * 2022-08-02 2022-08-30 北京六方云信息技术有限公司 Industrial control threat detection method and device, industrial control equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant