An industrial control system vulnerability trend analysis and early warning method and system

Abstract

The invention discloses a vulnerability trend analysis and early warning method and system of an industrial control system, including: simulating and establishing a number of probes with core protocols in the industrial control system, and deploying the probes in a public network and an intranet; The simulated industrial control system probe sends the collected attack information to the data analysis module, which is responsible for data analysis and vulnerability mining; the data analysis module generates attack exploits based on the results of data analysis and vulnerability mining. Rule base and vulnerability library; the data analysis module utilizes the generated attack exploit rule base and vulnerability library, analyzes the attack information sent back by the matching probe, and reports the attack information analysis result to the security device and the warning display platform. The invention simulates an industrial control system, induces it to attack the simulated industrial control system, collects its attack means, analyzes loopholes, and warns users in advance of serious loopholes existing or to be used in the production environment.

Description

technical field [0001] The invention relates to the field of industrial control system security, in particular to a method and system for analyzing and warning the trend of loopholes in an industrial control system. Background technique [0002] The traditional information security defense system includes: firewall, UTM, IPS, IDS, vulnerability scanning system, anti-virus system, terminal management system, WAF, DB-AUDIT and security monitoring platform, etc. From the perspective of network structure layering, the product system has been improved However, in terms of actual functions, the shortcomings are also obvious, mainly in the following three aspects: [0003] 1. These traditional security products can only defend against security threats from certain aspects, forming "islands of security defense" one by one. [0004] 2. There is a lack of effective integration and correlation analysis of massive multi-dimensional information security data, which cannot produce synerg...

AI Technical Summary

Problems solved by technology

[0003] 1. These traditional security products can only resist security threats from certain aspects, forming "islands of security defense" one by one

[0004] 2. Lack of effective integration and correlation analysis of massive multi-dimensional information security data, unable to produce synergistic effects

[0005] 3. These safety monitoring data cannot be used as an effective resource for upper-level safety decision-making

[0006] Most of these traditional security defense facilities analyze and monitor the attacks that have occurred by analyzing the logs of security devices in the seventh layer of the network. They are basically passive defense ideas, lacking the ability of network security situation awareness and linkage early warning. It is often too late to take corresponding emergency measures after detecting a network attack event, because the network attack has already occurred and the attack has caused irreparable losses

Images