Industrial control network security detection system and detection method

Abstract

The invention relates to the field of industrial control network security vulnerability detection. In order to achieve thorough and comprehensive detection of industrial control network security vulnerabilities, effectively discover unknown security vulnerabilities, and find out a root cause of the industrial control network security vulnerabilities, the invention provides an industrial control network security detection system, wherein a test case module provides test cases for a fuzzy test engine; the fuzzy test engine generates a test data packet and performs security detection on a detection target, and obtains test results including "normal", "other" and "suspected vulnerabilities"; a monitor monitors the state of the detection target in real time; a root cause analysis module drives the fuzzy test engine to perform attack replay, after the vulnerability verification is successful, performs abnormality analysis on an abnormal data packet, and obtains the root cause of the security vulnerabilities; and a report generation engine generates a test report. The industrial control network security detection system provided by the invention is used for carrying out security detection, and the detection is thorough and comprehensive, which can effectively find the unknown security vulnerabilities and obtain the root cause of the security vulnerabilities.

Description

technical field [0001] The invention relates to the field of detection of security loopholes in industrial control networks, in particular to an industrial control network security detection system and method for detecting security loopholes in industrial control networks. Background technique [0002] In recent years, industrial control systems have emphasized openness, and a large number of general-purpose IT products have been introduced into industrial control networks, such as Windows operating systems, relational databases, etc., and Ethernet and TCP / IP protocols have been widely used, resulting in a large number of IT vulnerabilities being introduced into In the industrial control network. In addition, most of the application layer protocols and fieldbus protocols of industrial control networks use clear code transmission protocols such as MODBUS / TCP and CAN, which have unavoidable vulnerabilities such as no strict identification and easy forgery of messages. Therefo...

AI Technical Summary

Problems solved by technology

In addition, most of the application layer protocols and fieldbus protocols of industrial control networks use clear code transmission protocols such as MODBUS/TCP and CAN, which have unavoidable vulnerabilities such as no strict identification and easy forgery of messages.

Therefore, the industrial control network is vulnerable to attacks by attackers using vulnerabilities. Serious attack consequences can even completely paralyze the industrial control network, resulting in loss of control of the industrial process or shutdown of the device

[0003] At present, when detecting industrial control network security vulnerabilities, technologies such as port service scanning and vulnerability feature scanning rely heavily on the industrial control network security vulnerability database. However, there is very little security vulnerability information

Images