Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Industrial control equipment vulnerability mining method, system and equipment and storage medium

A technology for industrial control equipment and vulnerability mining, applied in the field of vulnerability analysis, can solve problems such as the failure of normal operation of industrial control equipment, and achieve the effect of avoiding failure to operate normally.

Active Publication Date: 2022-03-25
INFORMATION CENT OF CHINA NORTH IND GRP
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Aiming at the deficiencies in the prior art, the present invention provides a method, system, device and storage medium for exploiting vulnerabilities in industrial control equipment. During its application, the problems of loopholes in the application programs and business data of industrial control equipment are fully considered, so as to detect the loopholes in the industrial control equipment. Carry out targeted and effective mining to avoid the situation that industrial control equipment cannot operate normally due to application code errors or business data logic errors in actual operation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Industrial control equipment vulnerability mining method, system and equipment and storage medium
  • Industrial control equipment vulnerability mining method, system and equipment and storage medium
  • Industrial control equipment vulnerability mining method, system and equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] This embodiment provides a method for mining vulnerabilities in industrial control equipment, such as figure 1 shown, including the following steps:

[0053] S101. Obtain attribute information and business data sets of industrial control equipment.

[0054] During specific implementation, the attribute information and business data sets of the industrial control equipment can be obtained by obtaining the IP address of the industrial control equipment. The specific process includes: obtaining the IP address of the industrial control equipment; then accessing the industrial control equipment according to the IP address, and collecting the properties of the industrial control equipment information and business data. Attribute information includes identification information such as type, model, software and hardware information of industrial control equipment.

[0055] S102. Search the application program source code matching the industrial control device in the applicati...

Embodiment 2

[0072] This embodiment provides a system for mining vulnerabilities in industrial control equipment, such as figure 2 shown, including:

[0073] The acquisition unit is used to acquire attribute information and business data sets of industrial control equipment;

[0074] A retrieval unit, configured to retrieve the application source code corresponding to the industrial control device in the application source code database according to the attribute information;

[0075] The first judging unit is used to import the application program source code into a preset code analysis model, perform static analysis and dynamic analysis on the text data of the application program source code, and determine whether there is a loophole in the application program source code;

[0076] The generation unit is used to generate a business data sequence according to the business data set when determining that there are no loopholes in the application program source code, and perform fuzzy proc...

Embodiment 3

[0079] This embodiment provides a device for exploiting vulnerabilities in industrial control equipment, such as image 3 As shown, at the hardware level, including:

[0080] memory for storing instructions;

[0081] The processor is configured to read the instructions stored in the memory, and execute the method for mining vulnerabilities of industrial control equipment described in Embodiment 1 according to the instructions.

[0082] Optionally, the computer device also includes an internal bus and a communication interface. The processor, the memory and the communication interface can be connected to each other through an internal bus, which can be an ISA (Industry Standard Architecture, industry standard architecture) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnection standard) bus or an EISA (Extended Industry Standard Architecture, extended industry standard architecture) bus, etc. The bus can be divided into address bus, data bus, con...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of vulnerability analysis, in particular to an industrial control equipment vulnerability mining method and system, equipment and a storage medium. The method comprises the steps of obtaining an application program source code and a business data set of the industrial control equipment; importing the application program source code into the code analysis model, performing static analysis and dynamic analysis, and judging whether the application program source code has vulnerabilities or not; generating a service data sequence according to the service data set, and performing fuzzy processing on the service data sequence to obtain a test data sequence; and performing communication docking on the test data sequence and the application program source code, judging that the test data sequence is normal if the reaction data not exceeding the threshold range is obtained, and judging that the test data sequence has vulnerabilities if the reaction data exceeding the threshold range is obtained or the reaction data is not obtained. According to the method, the problems of vulnerabilities of the application program and the business data of the industrial control equipment are fully considered, so that the vulnerabilities are effectively mined in a targeted manner.

Description

technical field [0001] The invention relates to the technical field of vulnerability analysis, in particular to a method, system, device and storage medium for mining vulnerabilities of industrial control equipment. Background technique [0002] Industrial control computer (industrial computer) is a general term for a tool that uses a bus structure to detect and control the production process and its electromechanical equipment and process equipment. It has important computer attributes and characteristics, such as: computer CPU, hard disk, memory, peripherals and interfaces, real-time operating system, computing power, control network and protocols, friendly man-machine interface, etc. The main categories of industrial computers are: IPC (PC bus industrial computer), PLC (programmable control system), DCS (distributed control system), FCS (field bus system) and CNC (numerical control system) five. [0003] Industrial control equipment is an important part of the industrial...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 王宇龙方帆饶永红
Owner INFORMATION CENT OF CHINA NORTH IND GRP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com