Industrial control system vulnerability trend analysis and early warning method and system

Abstract

The invention discloses an industrial control system vulnerability trend analysis and early warning method and system, and the method comprises the steps: the simulation establishment of a plurality of probes is carried out with a core protocol in an industrial control system, and enabling the probes to be deployed in a public network and an intranet; The probe collects attack information in an interactive mode; The simulated industrial control system probe sends the collected attack information to a data analysis module, and the data analysis module is responsible for data analysis and vulnerability mining; The data analysis module generates an attack utilization rule base and a vulnerability base according to data analysis and vulnerability mining results; And the data analysis module analyzes the attack information sent back by the matching probe by using the generated attack utilization rule base and the vulnerability base, and reports the analysis result of the attack informationto the security equipment and the early warning display platform. According to the simulation industrial control system, the simulation industrial control system is induced to send an attack to the simulation industrial control system, an attack means is collected, vulnerabilities are analyzed, and serious vulnerability information existing in a production environment or to be utilized is early warned to a user.

Description

technical field [0001] The invention relates to the field of industrial control system security, in particular to a method and system for analyzing and warning the trend of loopholes in an industrial control system. Background technique [0002] The traditional information security defense system includes: firewall, UTM, IPS, IDS, vulnerability scanning system, anti-virus system, terminal management system, WAF, DB-AUDIT and security monitoring platform, etc. From the perspective of network structure layering, the product system has been improved However, in terms of actual functions, the shortcomings are also obvious, mainly in the following three aspects: [0003] 1. These traditional security products can only defend against security threats from certain aspects, forming "islands of security defense" one by one. [0004] 2. There is a lack of effective integration and correlation analysis of massive multi-dimensional information security data, which cannot produce synerg...

AI Technical Summary

Problems solved by technology

[0003] 1. These traditional security products can only resist security threats from certain aspects, forming "islands of security defense" one by one

[0004] 2. Lack of effective integration and correlation analysis of massive multi-dimensional information security data, unable to produce synergistic effects

[0005] 3. These safety monitoring data cannot be used as an effective resource for upper-level safety decision-making

[0006] Most of these traditional security defense facilities analyze and monitor the attacks that have occurred by analyzing the logs of security devices in the seventh layer of the network. They are basically passive defense ideas, lacking the ability of network security situation awareness and linkage early warning. It is often too late to take corresponding emergency measures after detecting a network attack event, because the network attack has already occurred and the attack has caused irreparable losses

Images