Method for monitoring illegal reading and writing of Siemens S7-PLC data

Abstract

The invention discloses a method for monitoring illegal reading and writing of Siemens S7-PLC data, and the method is characterized in that the method comprises the following steps: S001, setting a switch to be in a bypass mirroring working mode, and mirroring all PLC communication flows of a Siemens S7-PLC; S002, analyzing the mirrored PLC communication flow, judging whether an application layerprotocol of a data packet in the PLC communication flow is an s7comm protocol or not, if so, executing the step S003, and otherwise, executing the step S002; S003, judging whether the remote operationservice control field value of the head part of the s7comm data packet is a specified value or not, if so, executing the step S004, and otherwise, executing the step S002; S004, judging whether the function field value of the parameter part of the s7comm data packet is a specified value or not, if so, executing the step S005, and otherwise, executing the step S002; S005, comparing the data, if the data is an authorized source IP address and an authorized source MAC address, executing the step S002, and otherwise, executing the step S006; and S006, recording a source IP address, a source MAC address, a source port number, a target IP address, a target MAC address and a target port number in the current data packet.

Description

Technical field [0001] The invention belongs to the field of industrial control network security, and specifically relates to a method for monitoring Siemens S7-PLC, in particular to a method for monitoring illegal reading and writing of Siemens S7-PLC data. Background technique [0002] With the continuous cross integration of Industry 4.0, Made in China 2025, Internet +, Internet of Things, and the integration of the two industrializations, more and more information technologies are applied in the field of industrial control, and the degree of openness of industrial control systems is also increasing. While production has greatly promoted, it has also brought security issues such as Trojan horses, viruses, and network attacks. These have become important factors restricting the in-depth integration and development of informatization and industrialization. Traditional protective measures based on physical isolation are far from meeting the needs of industrial informatization dev...

AI Technical Summary

Problems solved by technology

[0003] 1. All kinds of security loopholes cannot be reinforced in time, and the system has serious security risks

[0004] Currently operating industrial control systems generally have security vulnerabilities at the level of equipment, systems, protocols, etc., and based on the special operating mechanism of industrial control systems, industrial control systems are difficult to upgrade in real time, security vulnerabilities are difficult to reinforce in time, equipment has a long service life cycle, and system patch compatibility is poor , long release cycle and other characteristics, leading to serious security risks in the industrial control system

[0005] 2. Industrial networks and bus communications lack security mechanisms and are easy to be attacked and exploited

[0008] The integration of in-depth networking and multi-level interconnection has increased the potential attack paths in the industrial environment, and the introduction of traditional IT products has brought more security vulnerabilities. However, the security theory and protection system of emerging information technology in the field of industrial control is still Immature and insufficient security protection methods make the industrial control network "vulnerable" to cyber attacks

[0009] 4. Inadaptability of security products in the field of traditional information security in industrial control networks

But Siemens S7-PLC also faces the above-mentioned problems in this field equally, specifically, there is no method for monitoring illegal reading and writing of Siemens S7-PLC data in the prior art

Images