Vulnerability discovery method and device for private protocol of control equipment

A technology for private protocols of control equipment, applied in the fields of comprehensive factory control, digital transmission systems, data exchange networks, etc., that addresses problems such as low vulnerability-mining efficiency.

Active Publication Date: 2021-10-01
INST OF INFORMATION ENG CAS +1

AI Technical Summary

Problems solved by technology

[0004] The present invention proposes a message-driven fuzz testing vulnerability mining method for industrial control equipment with integrated cyber-physical monitoring. It addresses the low vulnerability-mining efficiency of traditional tools, which results from the unknown syntax, semantics and timing of the private protocol and the unknown functional dependencies of the device, as well as the missed reports that occur because embedded devices have no GUI and device abnormality information cannot be obtained. It thereby achieves the purpose of effectively discovering security defects in the implementation of private protocols for industrial control devices.


Examples


Embodiment Construction

[0042] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.

[0043] In order to effectively discover the security flaws in the protocol implementation process of industrial control equipment, solve the problem of low efficiency of traditional vulnerability mining tools for black-box fuzz testing of industrial control equipment, and the syntax, semantics, timing and functional constraints of private prot...


Abstract

The invention relates to a vulnerability discovery method and device for a private protocol of control equipment, an electronic device and a storage medium. The vulnerability discovery method comprises the following steps: sniffing the communication traffic generated while engineering software communicates with the industrial control equipment; generating an initial test tuple based on the communication traffic, marking some of the messages of the initial test tuple as seeds, and generating test cases based on the seeds; guiding the state of the industrial control equipment and verifying the validity of the network connection based on the initial test tuple; and testing the industrial control equipment with the test cases, discovering abnormalities of the equipment by monitoring its output signal waveform and its network state. Because the method uses the message sequence to guide the state of the control equipment before the test cases are sent, security vulnerabilities of the industrial control equipment can be found effectively.
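The steps in the abstract, run end to end against an in-memory simulated controller, as an added example that is not code from the patent or its authors. The toy message format, the `SimDevice` class with its planted length flaw, the boundary-value mutation and the flat-line waveform test are all assumptions made for illustration.

```python
# Constructed capture; toy format (assumed): opcode(1) | declared_length(1) | payload.
CAPTURE = [bytes([1, 0]), bytes([2, 2]) + b"pw", bytes([3, 4]) + b"ABCD"]

class SimDevice:
    """In-memory stand-in for a controller; the length flaw is planted on purpose."""
    def __init__(self):
        self.state, self.alive, self.tick = 0, True, 0

    def send(self, msg):
        if not self.alive or len(msg) < 2:
            return None
        op, declared = msg[0], msg[1]
        if op in (1, 2) and self.state == op - 1:  # handshake must arrive in order
            self.state = op
            return b"OK"
        if op == 3 and self.state == 2:
            if declared > len(msg) - 2:            # planted flaw: length field trusted
                self.alive = False                 # device hangs, output stops toggling
                return None
            return b"OK"
        return b"ERR"

    def sample_output(self):  # physical output: a square wave while the device runs
        self.tick += 1
        return self.tick % 2 if self.alive else 0

def generate_cases(seed):
    """Deterministic boundary-value mutation of each byte of the seed."""
    return [seed[:i] + bytes([v]) + seed[i + 1:]
            for i in range(len(seed)) for v in (0x00, 0xFF)]

def monitor(dev, samples=8):
    """Cyber-physical check: flat-line test on the output plus a network probe."""
    wave = [dev.sample_output() for _ in range(samples)]
    checks = {"output waveform flat": len(set(wave)) == 1,
              "no network response": dev.send(bytes([3, 0])) is None}
    return [name for name, failed in checks.items() if failed]

def run_campaign(capture):
    prefix, seed = capture[:-1], capture[-1]       # test tuple: guiding prefix + seed
    findings = []
    for case in generate_cases(seed):
        dev = SimDevice()                          # fresh device for every case
        if any(dev.send(m) != b"OK" for m in prefix):
            raise RuntimeError("state guiding failed, connection not valid")
        dev.send(case)
        if reasons := monitor(dev):
            findings.append((case, reasons))
    return findings
```

Of the twelve mutated cases, only the one that inflates the declared length reaches the flawed write handler; the replayed prefix is what puts the device in the state where that handler is reachable at all.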

Description

Technical field

[0001] The invention relates to the technical fields of network protocol implementation security, Internet of Things / industrial control equipment security and security testing, and in particular to a vulnerability discovery method, device, electronic equipment and storage medium for private protocols of control equipment.

Background art

[0002] With the development of the Industrial Internet, information technology and operational technology tend to converge. The application of fusion technology breaks the original closedness and isolation of industrial control systems, which not only improves production efficiency, but also increases the probability of industrial control equipment facing network threats. Moreover, the purpose of attacks on industrial control systems is often to have an impact on the physical world, so control devices are more likely to become the target of attackers, who trigger vulnerabilities in devices through network protocol comm...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26
CPC: H04L63/1433, H04L63/0227, H04L43/50, H04L43/0805, Y02P90/02
Inventor: 孙利民, 刘圃卓, 宋站威, 孙玉砚, 顾智敏, 黄伟, 刘伟, 郭雅娟, 姜海涛, 朱道华, 周超, 郭静, 王梓莹
Owner: INST OF INFORMATION ENG CAS