
A Malicious Code Discovery Method for Industrial Control Equipment

A malicious code discovery method, applied in the fields of instrumentation, computing, electrical digital data processing, etc., that can solve problems such as the lack of an integrity measurement mechanism for remote malicious code.

Active Publication Date: 2022-04-19
中国船舶重工集团公司第七一四研究所

AI Technical Summary

Problems solved by technology

[0005] However, CN 104573516 A lacks, in particular, an integrity measurement mechanism for remote malicious code that gets executed directly through techniques such as remote overflow, bypassing loading by the system kernel.


Examples


Embodiment Construction

[0030] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described below in conjunction with the accompanying drawings and embodiments. The specific embodiments described here are only used to explain the algorithm of the present invention, and do not limit the implementation language of the present invention.

[0031] The industrial control terminal protection application consists of the following modules:

[0032] 1) Timing module;

[0033] 2) Process snapshot capture module;

[0034] 3) Thread snapshot analysis module;

[0035] 4) Address analysis module;

[0036] 5) Code analysis module;

[0037] After the industrial control terminal protection application is started, the following logic is executed:

[0038] 1) When the industrial control terminal protection application is started, the timing module, the process snapshot capture module, the on-site snapshot analysis module, and the a...


Abstract

The invention relates to a malicious code discovery method for industrial control equipment. It regularly checks the CPU program counter (PC) register of the execution unit of every thread, or of the operating system, in the system and compares the location held in the PC register against the executable modules. According to the execution location, it judges whether the code belongs to one of the system's own executable files, to a readable and writable memory area (non-code area), or to an executable file in a temporary location, and in this way finds malicious code on industrial control equipment. The invention is especially effective against malicious code that is injected into industrial control equipment and executed remotely.
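The check the abstract describes, as an added example that is not code from the patent: each sampled thread PC is resolved to the memory region that contains it and classified by that region's permissions and backing file. It assumes a process snapshot in Linux `/proc/<pid>/maps` format; the trusted and temporary path prefixes, the file names and the PC values are constructed for illustration.

```python
from bisect import bisect_right

# Assumed policy, not from the patent: where the system's own files live
# and which directories count as temporary locations.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/lib/", "/bin/", "/lib/")
TEMP_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed process snapshot (Linux /proc/<pid>/maps format).
SAMPLE_MAPS = """\
00400000-0044c000 r-xp 00000000 08:01 1311 /usr/bin/plc_hmi
0064b000-0064d000 rw-p 0004b000 08:01 1311 /usr/bin/plc_hmi
7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0
7f10b2e00000-7f10b2e1c000 r-xp 00000000 08:01 9921 /tmp/.cache/upd.so
7f10b4000000-7f10b41c0000 r-xp 00000000 08:01 2210 /usr/lib/libc.so.6
"""
# Constructed thread snapshot: thread id -> sampled PC register value.
SAMPLE_PCS = {101: 0x401A2C, 102: 0x7F10B4012345, 103: 0x7F10A0000040,
              104: 0x7F10B2E00510, 105: 0x10}

def parse_maps(text):
    """Parse maps text into sorted (start, end, perms, path) tuples."""
    regions = []
    for line in filter(str.strip, text.splitlines()):
        f = line.split(None, 5)
        start, end = (int(x, 16) for x in f[0].split("-"))
        regions.append((start, end, f[1], f[5].strip() if len(f) > 5 else ""))
    return sorted(regions)

def classify_pc(pc, regions):
    """Map one PC value to a verdict based on the region that contains it."""
    i = bisect_right([r[0] for r in regions], pc) - 1
    if i < 0 or pc >= regions[i][1]:
        return "unmapped"
    _, _, perms, path = regions[i]
    if path in ("[vdso]", "[vsyscall]"):
        return "system-module"            # kernel-provided code pages
    if "w" in perms or not path.startswith("/"):
        return "writable-or-anonymous"    # non-code area: heap, stack, injected buffer
    if path.startswith(TEMP_PREFIXES):
        return "temp-executable"
    if path.startswith(TRUSTED_PREFIXES):
        return "system-module"
    return "unknown-module"

def scan(thread_pcs, regions):
    """Return {tid: verdict} for threads executing outside system modules."""
    verdicts = {tid: classify_pc(pc, regions) for tid, pc in thread_pcs.items()}
    return {tid: v for tid, v in verdicts.items() if v != "system-module"}
```

A periodic sample only sees where a thread is at that instant, so a thread that is inside a system library call when sampled is reported as clean for that round; repeated rounds driven by the timing module are what give the method its coverage.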

Description

Technical field

[0001] The invention relates to the technical field of information security, and discloses a method for discovering malicious code in industrial control equipment through the protection application of the industrial control system.

Background technique

[0002] Due to its long life cycle and uninterrupted operation, industrial control equipment usually uses an old operating system and is not easy to patch. Tools that exploit the security vulnerabilities of the many old systems can therefore attack industrial control systems relatively easily, and remote execution of malicious code is the most harmful.

[0003] In the prior art, attempts have been made to implement malicious code identification using a black and white list system. For example, Chinese patent CN 104573516 A relies on integrity measurement and control technology to prevent untrusted programs from running on industrial control terminals (operating stations).

[0004]...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 陈琳, 张漪, 闫国星, 宋震, 张志勇, 陈曦
Owner: 中国船舶重工集团公司第七一四研究所