Penetration test framework suitable for industrial control system

An industrial control system and penetration testing technology, applied in transmission systems, electrical components, etc., can solve problems such as low detection efficiency of industrial control systems, difficulty in detecting vulnerabilities in industrial control environments, and low coverage of industrial control security vulnerabilities, so as to improve penetration testing Capabilities and penetration methods are enriched to improve the effect of system security assessment

Inactive Publication Date: 2018-11-13
NANJING UNIV +3
View PDF6 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] On the basis of the existing work, the purpose of the present invention is to: propose a penetration testing framework suitable for industrial control systems, to solve the problem of low detection efficiency of existing penetration testing tools for industrial control systems, low coverage of industrial control security vulnerabilities, and problems in industrial control environments. Difficulty in vulnerability detection and single exploit method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Penetration test framework suitable for industrial control system
  • Penetration test framework suitable for industrial control system
  • Penetration test framework suitable for industrial control system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] According to the main process of the penetration test and the uniqueness of the industrial control environment, the framework of the invention performs the penetration test and vulnerability assessment on the target industrial control system. First, do network detection for the structure of the target industrial control system to obtain the basic network topology diagram, and call different functional modules in the framework based on different test targets or different functional requirements of users, such as vulnerability detection for the industrial control network environment, target Penetration testing of industrial control equipment or vulnerability scanning based on a private industrial control protocol.

[0036] The features of the penetration testing framework suitable for industrial control systems will be further described below in conjunction with the relevant explanatory diagrams and specific implementation of the present invention.

[0037] The first step...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a penetration test framework suitable for an industrial control system. The penetration test framework comprises the following modules: (1) a functional interaction module based on a test target; (2) asset identification and network topology detection on a target network based on a TCP / IP protocol stack; (3) system detection based on an industrial control simulation client,and acquisition of target fingerprint information through a feature data packet; (4) vulnerability scanning based on an industrial control vulnerability library; (5) vulnerability mining based on anindustrial control proprietary protocol, and a blurring test of an industrial Ethernet protocol test; and (6) penetration attack based on features of the industrial control system, and an effective simulation attack on the test target. The framework can perform an effective penetration test on the industrial control system, and solve the problems of of low detection efficiency of the industrial control system, low coverage of industrial control vulnerabilities, difficult detection of industrial control environment vulnerability and single use of vulnerabilities of the existing penetration testtools.

Description

technical field [0001] The invention belongs to the field of computer technology, especially the field of industrial control security. The invention provides a penetration test framework suitable for industrial control systems, and conducts professional penetration tests on industrial control equipment to improve its safety and reliability. Background technique [0002] At the beginning of the design of the industrial control system, the main considerations were availability and real-time performance, and the early industrial control systems were relatively closed, and the possibility of security attacks was small, so the industrial control system did not consider security at the beginning of the design. With the widespread application of computer technology and network communication technology in industrial control systems, traditional industrial control systems have gradually broken the previous closedness and proprietary nature. Standard and general communication protocol...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1433
Inventor 周伟平杨维永朱世顺茅兵靳丹刘欣郭健
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap