CN109257348A - A cluster vulnerability mining method and device based on an industrial control system - Google Patents

A cluster vulnerability mining method and device based on an industrial control system

Info

Publication number
CN109257348A
Authority
CN
China
Prior art keywords
checked
measurement equipment
group
target
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811071595.4A
Other languages
Chinese (zh)
Inventor
崔佳炜
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811071595.4A
Publication of CN109257348A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668 Testing of software
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668 Testing of software
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a cluster vulnerability mining method and device based on an industrial control system, and relates to the technical field of equipment detection. The method includes: obtaining attribute information sent by devices to be tested, where the attribute information includes at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested, and there are multiple devices to be tested; classifying the devices to be tested based on the attribute information to obtain a classification group, where the classification group contains multiple sub-classification groups; and, based on a load-balancing policy, sending detection data packets to the devices to be tested in a target sub-classification group among the multiple sub-classification groups, and obtaining a device vulnerability mining result. The invention solves the technical problem that existing cluster vulnerability mining methods for industrial control systems are inefficient when mining vulnerabilities in the devices of the system.

Description

A cluster vulnerability mining method and device based on an industrial control system
Technical field
The present invention relates to the technical field of equipment monitoring, and more particularly to a cluster vulnerability mining method based on an industrial control system.
Background technique
To meet the requirement of high-rate transmission of large files such as image data and voice signals, industrial control systems not only combine Ethernet, which is currently popular in the commercial field, with the control network, but also integrate a variety of currently popular technologies such as embedded technology, multi-standard industrial control network interconnection and wireless technology. This expands the development space of the industrial control field and brings new development opportunities.
However, because existing industrial control systems combine multiple systems, they are relatively large and have their own clusters. At present, vulnerability mining methods for devices in industrial production environments are relatively mature: a vulnerability mining server can use multiple network ports, with each port corresponding to a device in a functional area, and mine vulnerabilities in the devices simultaneously. Although multi-port vulnerability mining can improve device vulnerability mining efficiency by upgrading hardware (for example, increasing the number of network ports and enhancing the performance of the vulnerability mining hardware), this approach is still inefficient for an industrial control system with multiple clusters.
No effective solution to the above problem has yet been proposed.
Summary of the invention
In view of this, the purpose of the present invention is to provide a cluster vulnerability mining method and device based on an industrial control system, so as to alleviate the technical problem that existing cluster vulnerability mining methods for industrial control systems are inefficient when mining vulnerabilities in the devices of the system.
In a first aspect, an embodiment of the present invention provides a cluster vulnerability mining method based on an industrial control system. The method is applied to a server and includes: obtaining attribute information sent by devices to be tested, where the attribute information includes at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested, and there are multiple devices to be tested; classifying the devices to be tested based on the attribute information to obtain a classification group, where the classification group contains multiple sub-classification groups; and, based on a load-balancing policy, sending detection data packets to the devices to be tested in a target sub-classification group among the multiple sub-classification groups, and obtaining a device vulnerability mining result.
Further, before obtaining the attribute information sent by the devices to be tested, the method also includes: obtaining a target script program, where the target script program is used to determine the communication protocol specification of the industrial control system; and generating a probe data packet based on the target script program and sending the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server based on the probe data packet.
Further, sending detection data packets to the devices to be tested in the target classification group based on the load-balancing policy includes: performing a ping reachability status scan on each device to be tested at a predetermined period to obtain ping reachability status information for each device to be tested; and, based on the load-balancing policy, sending the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
Further, the method also includes: selecting a target test case based on the target sub-classification group; and generating the detection data packet based on the target script program and the target test case.
Further, the method also includes: sending the ping reachability status information of each device to be tested and the information of the classification group to a terminal device, so that the terminal device displays the ping reachability status information of each device to be tested and the information of the classification group, where the information of the classification group includes identification information of each sub-classification group and information on the devices to be tested that belong to each sub-classification group.
Further, the vulnerability mining result includes vulnerability information of the devices to be tested in which vulnerabilities occur, and the method also includes: compiling statistics on the vulnerability information in the device vulnerability mining result according to vulnerability risk level to obtain a vulnerability statistics report; where the vulnerability risk levels include a first vulnerability risk level, a second vulnerability risk level and a third vulnerability risk level, and the risk represented by the first, second and third vulnerability risk levels decreases in that order.
In a second aspect, an embodiment of the present invention provides a cluster vulnerability mining device based on an industrial control system. The device is provided in a server and includes a first acquisition unit, a classification unit and a detection unit. The first acquisition unit is used to obtain attribute information sent by devices to be tested, where the attribute information includes at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested, and there are multiple devices to be tested. The classification unit is used to classify the devices to be tested based on the attribute information to obtain a classification group, where the classification group contains multiple sub-classification groups. The detection unit is used to send detection data packets, based on a load-balancing policy, to the devices to be tested in a target sub-classification group, and to obtain a device vulnerability mining result.
Further, the device also includes a second acquisition unit, which is used to: obtain a target script program, where the target script program is used to determine the communication protocol specification of the industrial control system; and generate a probe data packet based on the target script program and send the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server based on the probe data packet.
Further, the detection unit is also used to: perform a ping reachability status scan on each device to be tested at a predetermined period to obtain ping reachability status information for each device to be tested; and, based on the load-balancing policy, send the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
Further, the device also includes a generation unit, which is used to: select a target test case based on the target sub-classification group; and generate the detection data packet based on the target script program and the target test case.
In the embodiments of the present invention, the server first obtains the attribute information sent by the devices to be tested, then classifies the devices to be tested based on the attribute information, and finally sends detection data packets to the devices to be tested in the target sub-classification group based on the load-balancing policy and obtains the device vulnerability mining result. By classifying the devices to be tested according to their attribute information and then mining vulnerabilities in all the devices of the same class in one pass according to the load-balancing policy, the invention solves the technical problem that existing cluster vulnerability mining methods for industrial control systems are inefficient when mining vulnerabilities in the devices of the system, and achieves the technical effect of improving the vulnerability mining efficiency for the devices to be tested.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a cluster vulnerability mining method based on an industrial control system provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another cluster vulnerability mining method based on an industrial control system provided by an embodiment of the present invention;
Fig. 3 is a flowchart of another cluster vulnerability mining method based on an industrial control system provided by an embodiment of the present invention;
Fig. 4 is a flowchart of another cluster vulnerability mining method based on an industrial control system provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a cluster vulnerability mining device based on an industrial control system provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a server provided by an embodiment of the present invention.
Specific embodiment
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment one:
According to an embodiment of the present invention, an embodiment of a cluster vulnerability mining method based on an industrial control system is provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, such as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
Fig. 1 shows a cluster vulnerability mining method based on an industrial control system according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain the attribute information sent by the devices to be tested, where the attribute information includes at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested, and there are multiple devices to be tested;
Step S104: classify the devices to be tested based on the attribute information to obtain a classification group, where the classification group contains multiple sub-classification groups;
Step S106: based on a load-balancing policy, send detection data packets to the devices to be tested in a target sub-classification group, and obtain a device vulnerability mining result.
In the embodiments of the present invention, the server first obtains the attribute information sent by the devices to be tested, then classifies the devices to be tested based on the attribute information, and finally sends detection data packets to the devices to be tested in the target sub-classification group based on the load-balancing policy and obtains the device vulnerability mining result. By classifying the devices to be tested according to their attribute information and then mining vulnerabilities in all the devices of the same class in one pass according to the load-balancing policy, the invention solves the technical problem that existing cluster vulnerability mining methods for industrial control systems are inefficient when mining vulnerabilities in the devices of the system, and achieves the technical effect of improving the vulnerability mining efficiency for the devices to be tested.
It should be noted that the tester can use a web page to select, on the server, the load-balancing policy used when mining vulnerabilities in the industrial control system cluster, where the load-balancing policies include a polling policy, a random policy and a least-connections policy.
It should also be noted that, because the object of vulnerability mining is a cluster system (that is, an industrial control system), identical devices (that is, the devices to be tested in this application) can exist in the cluster system. Therefore, in this embodiment, identical devices to be tested can be grouped into one class according to the device type, device model and device system of each device to be tested in the industrial control system.
Under normal circumstances, the server uses the polling policy to perform load-balanced vulnerability mining on the devices to be tested; the polling policy achieves session sharing in combination with a Redis database. After the server sends a polling request to a device to be tested, if the request response status code fed back by the device indicates that the polling request failed, the server resends the polling request to the device.
In the embodiments of the present invention, as shown in Fig. 2, step S106 further includes the following steps:
Step S1061: perform a ping reachability status scan on each device to be tested at a predetermined period to obtain ping reachability status information for each device to be tested;
Step S1062: based on the load-balancing policy, send the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
In the embodiments of the present invention, the server first creates a scan task for the devices to be tested.
In addition, the tester can enter, on the terminal device, the IP addresses of the devices to be tested that need a ping reachability status scan; the devices to be tested corresponding to those IP addresses are then the devices to be scanned.
Then, the underlying engine of the server scans the ping reachability status of the devices to be tested at the predetermined period, so that the server obtains the ping reachability status information of each device to be tested.
It should be noted that the predetermined period can be set by the tester according to the actual situation; in general, the predetermined period is 5 to 10 seconds.
Finally, based on the load-balancing policy, the server sends the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
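The classification and dispatch steps described above (S104, S1061, S1062 and the retry on a failed polling request) can be illustrated with the following added Python example, which is not code from the patent. The names `Device`, `classify`, `dispatch` and the `send` callable are hypothetical, the IP addresses and test-case names are constructed, the retry limit is an assumption, and spreading test cases across the identical devices of one sub-classification group is an assumed reading of the load-balancing step.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Device:
    ip: str
    dev_type: str
    model: str
    system: str


def classify(devices):
    """Step S104: devices with identical (type, model, system) form one sub-group."""
    groups = defaultdict(list)
    for dev in devices:
        groups[(dev.dev_type, dev.model, dev.system)].append(dev)
    return dict(groups)


def dispatch(group, reachable, test_cases, send, max_retries=2):
    """Step S1062 with the polling policy, restricted to reachable devices.

    reachable: set of IPs whose latest periodic ping scan succeeded (S1061).
    send(ip, case) -> bool: hypothetical transport; False models a failure
    status code, after which the request is resent to the same device.
    Returns (assignments, failed): ip -> delivered cases, and undelivered cases.
    """
    targets = [dev for dev in group if dev.ip in reachable]
    if not targets:
        return {}, list(test_cases)
    assignments = {dev.ip: [] for dev in targets}
    failed = []
    ring = cycle(targets)  # polling: take the next device in turn
    for case in test_cases:
        dev = next(ring)
        for _attempt in range(1 + max_retries):
            if send(dev.ip, case):
                assignments[dev.ip].append(case)
                break
        else:
            failed.append(case)  # every attempt reported failure
    return assignments, failed


# Constructed sample inventory (documentation address range, made-up attributes).
DEVICES = [
    Device("192.0.2.10", "PLC", "model-A", "os-1"),
    Device("192.0.2.11", "PLC", "model-A", "os-1"),
    Device("192.0.2.12", "PLC", "model-A", "os-1"),
    Device("192.0.2.20", "RTU", "model-B", "os-2"),
]
# Constructed result of the latest ping scan: 192.0.2.11 did not answer.
REACHABLE = {"192.0.2.10", "192.0.2.12", "192.0.2.20"}


def make_flaky_send(fail_once):
    """Simulated transport: each (ip, case) pair in fail_once fails one time."""
    already_failed = set()
    log = []

    def send(ip, case):
        log.append((ip, case))
        if (ip, case) in fail_once and (ip, case) not in already_failed:
            already_failed.add((ip, case))
            return False
        return True

    return send, log


def run_demo():
    groups = classify(DEVICES)
    target = groups[("PLC", "model-A", "os-1")]
    send, log = make_flaky_send({("192.0.2.12", "case-2")})
    cases = ["case-1", "case-2", "case-3", "case-4"]
    assignments, failed = dispatch(target, REACHABLE, cases, send)
    return groups, assignments, failed, log


if __name__ == "__main__":
    groups, assignments, failed, log = run_demo()
    print("sub-groups:", {key: [d.ip for d in devs] for key, devs in groups.items()})
    print("assignments:", assignments)
    print("failed:", failed)
    print("send attempts:", len(log))
```
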
In the embodiments of the present invention, as shown in Fig. 3, before obtaining the attribute information sent by the devices to be tested, the method further includes the following steps:
Step S11: obtain a target script program, where the target script program is used to determine the communication protocol specification of the industrial control system;
Step S12: generate a probe data packet based on the target script program, and send the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server based on the probe data packet.
In the present invention, before the detection task starts, the tester first writes the target script program, where the information contained in the target script program is the communication protocol specification of the industrial control system.
It should be noted that the target script is an XML script program, and the script program can be imported into the server through the import function of the web interface.
Based on the target script program, the server generates a probe data packet and sends it to the devices to be tested, so that the devices to be tested send the attribute information to the server based on the probe data packet.
In the embodiments of the present invention, as shown in Fig. 3, the method further includes the following steps:
Step S21: select a target test case based on the target sub-classification group;
Step S22: generate the detection data packet based on the target script program and the target test case.
In the embodiments of the present invention, the tester prepares the test cases in advance and imports them into a database, where a test case is used to determine the type of vulnerability to be mined and contains communication protocol information.
The server selects the target test case according to the target sub-classification group, and generates the detection data packet according to the target test case and the target script program.
In the embodiments of the present invention, as shown in Fig. 4, the method further includes the following steps:
Step S108: send the ping reachability status information of each device to be tested and the information of the classification group to a terminal device, so that the terminal device displays the ping reachability status information of each device to be tested and the information of the classification group, where the information of the classification group includes identification information of each sub-classification group and information on the devices to be tested that belong to each sub-classification group.
In the embodiments of the present invention, after the server obtains the ping reachability status information of the devices to be tested and the information of the classification group, the server sends them to the terminal device, so that the terminal device displays the ping reachability status information of the devices to be tested and the information of the classification group.
For example, when the information of the classification group is displayed, different sub-classification groups are shown on different table pages; the devices to be tested shown on one table page can be regarded as identical devices, and the IP address of each device to be tested can also be shown on that page.
When the ping reachability status information of the devices to be tested is displayed, the icon of a device to be tested whose ping reachability status information indicates that it cannot be pinged can be greyed out, thereby distinguishing the devices to be tested that can be pinged from those that cannot.
In the embodiments of the present invention, as shown in Fig. 4, the method further includes the following steps:
The vulnerability mining result includes vulnerability information of the devices to be tested in which vulnerabilities occur.
Step S110: compile statistics on the vulnerability information in the device vulnerability mining result according to vulnerability risk level to obtain a vulnerability statistics report;
where the vulnerability risk levels include a first vulnerability risk level, a second vulnerability risk level and a third vulnerability risk level, and the risk represented by the first, second and third vulnerability risk levels decreases in that order.
In the embodiments of the present invention, after the server obtains the device vulnerability mining result sent by the devices to be tested, the server compiles statistics on the vulnerability information in the device vulnerability mining result according to vulnerability risk level to obtain the vulnerability statistics report.
It should be noted that the vulnerability statistics report can be exported to the terminal device in formats such as Word and PDF, so that the terminal device displays the vulnerability statistics report in that format.
Embodiment two:
The present invention also provides a kind of cluster bug excavation device based on industrial control system, the device is for executing sheet Cluster bug excavation device based on industrial control system provided by inventive embodiments above content, is implementation of the present invention below The specific introduction for the cluster bug excavation device based on industrial control system that example provides.
As shown in figure 5, the above-mentioned cluster bug excavation device based on industrial control system is set to server, comprising: the One acquiring unit 10, taxon 20 and detection unit 30, wherein
The first acquisition unit 10 is used to obtain the attribute information that measurement equipment to be checked is sent, wherein the attribute information Comprise at least one of the following: the type of measurement equipment to be checked, the model of measurement equipment to be checked, the system that measurement equipment to be checked uses are described The quantity of measurement equipment to be checked is multiple;
The taxon 20 is used to classify to the measurement equipment to be checked based on the attribute information, is classified Group includes multiple subclassification groups in the sorting group;
The detection unit 30 is used for based on load balancing into the multiple subclassification group in target subclassification group Measurement equipment to be checked send detection data packet, and obtain equipment bug excavation result.
In embodiments of the present invention, first acquisition unit obtains the attribute information that measurement equipment to be checked is sent first, then divides Class unit is based on attribute information and classifies to the measurement equipment to be checked, finally, detection unit is based on load balancing to mesh The measurement equipment to be checked marked in subclassification group sends detection data packet, and obtains equipment bug excavation as a result, the present invention is by treating After detection device is classified according to attribute information, according to equally loaded strategy disposably to be detected in same classification Equipment carries out bug excavation, and the cluster bug excavation method for solving existing industrial control system carries out the equipment in system Bug excavation is the lower technical problem of efficiency, has reached the technical effect for improving the bug excavation efficiency of measurement equipment to be checked.
Further, the device also comprises a second acquisition unit, wherein the second acquisition unit is configured to: obtain a target script, wherein the target script is used to determine the communication protocol specification of the industrial control system; and, based on the target script, generate a probe data packet and send the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server in response to the probe data packet.
Further, the detection unit is also configured to: perform a ping reachability scan on each device to be tested at a predetermined period to obtain the ping reachability status information of each device to be tested; and, based on the load balancing strategy, send the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
Further, the device also comprises a generation unit, wherein the generation unit is configured to: select a target test case based on the target sub-classification group; and generate the detection data packet based on the target script and the target test case.
Further, the device also comprises a generation unit, wherein the generation unit is configured to send the ping reachability status information of each device to be tested and the information of the classification group to a terminal device, so that the terminal device displays the ping reachability status information of each device to be tested and the information of the classification group, wherein the information of the classification group includes the identification information of each sub-classification group and the information of the devices to be tested belonging to each sub-classification group.
Further, the device also comprises a report generation unit, wherein the report generation unit is configured to count the vulnerability information in the device vulnerability mining result according to vulnerability severity level to obtain a vulnerability statistics report; wherein the vulnerability severity levels include a first vulnerability severity level, a second vulnerability severity level and a third vulnerability severity level, and the severity represented by the first, second and third vulnerability severity levels decreases in that order.
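The following Python sketch is an added illustration, not part of the patent text or the applicant's implementation. It models the classification unit, the planning step of the detection unit and the report generation unit on a constructed inventory without sending any traffic; the least-loaded worker assignment, the worker names, the severity labels and all sample values are assumptions.

```python
# Added illustration: plans (does not send) detection work for a device inventory.
import heapq
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed labels for the first, second and third severity levels (highest first).
SEVERITY_LEVELS = ("high", "medium", "low")


@dataclass(frozen=True)
class Device:
    addr: str        # constructed RFC 5737 documentation address
    dev_type: str    # attribute: device type
    model: str       # attribute: device model
    system: str      # attribute: system the device runs
    reachable: bool  # latest result of the periodic ping reachability scan


def classify(devices):
    """Classification unit: one sub-group per (type, model, system) tuple."""
    groups = defaultdict(list)
    for dev in devices:
        groups[(dev.dev_type, dev.model, dev.system)].append(dev)
    return dict(groups)


def plan_dispatch(groups, target_key, workers):
    """Detection unit, planning step only.

    Returns (plan, skipped): plan maps each worker to the reachable devices it
    should test; skipped lists devices that failed the reachability scan.
    Assumption: load balancing is least-loaded-first with unit cost per device.
    """
    if not workers:
        raise ValueError("at least one worker is required")
    members = groups.get(target_key, [])
    heap = [(0, w) for w in workers]   # (current load, worker name)
    heapq.heapify(heap)
    plan = {w: [] for w in workers}
    skipped = []
    for dev in members:
        if not dev.reachable:
            skipped.append(dev.addr)   # never queue work for an unreachable device
            continue
        load, worker = heapq.heappop(heap)
        plan[worker].append(dev.addr)
        heapq.heappush(heap, (load + 1, worker))
    return plan, skipped


def severity_report(findings):
    """Report unit: count (addr, level) findings per level, highest first."""
    counts = Counter(level for _, level in findings)
    unknown = set(counts) - set(SEVERITY_LEVELS)
    if unknown:
        raise ValueError(f"unknown severity level(s): {sorted(unknown)}")
    return {level: counts.get(level, 0) for level in SEVERITY_LEVELS}


# Constructed sample inventory and findings (not taken from the patent).
INVENTORY = [
    Device("192.0.2.10", "PLC", "M-100", "fw-1.0", True),
    Device("192.0.2.11", "PLC", "M-100", "fw-1.0", True),
    Device("192.0.2.12", "PLC", "M-100", "fw-1.0", False),
    Device("192.0.2.13", "PLC", "M-100", "fw-1.0", True),
    Device("192.0.2.20", "RTU", "R-20", "fw-2.3", True),
    Device("192.0.2.30", "PLC", "M-100", "fw-1.1", True),
]
FINDINGS = [("192.0.2.10", "high"), ("192.0.2.11", "low"), ("192.0.2.13", "low")]

if __name__ == "__main__":
    groups = classify(INVENTORY)
    plan, skipped = plan_dispatch(groups, ("PLC", "M-100", "fw-1.0"), ["w1", "w2"])
    print(plan, skipped, severity_report(FINDINGS))
```

Keeping unreachable devices in a separate skipped list, rather than silently dropping them, lets the operator see which devices in the target sub-group were never assessed.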
Referring to Fig. 6, an embodiment of the present invention further provides a server 100, comprising a processor 60, a memory 61, a bus 62 and a communication interface 63, wherein the processor 60, the communication interface 63 and the memory 61 are connected by the bus 62; the processor 60 is configured to execute executable modules stored in the memory 61, such as a computer program.
The memory 61 may include high-speed random access memory (RAM, Random Access Memory) and may further include non-volatile memory, for example at least one disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 63 (which may be wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network, etc.
The bus 62 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in Fig. 6, but this does not mean that there is only one bus or one type of bus.
The memory 61 is used to store a program, and the processor 60 executes the program after receiving an execution instruction. The method performed by the device defined by the flow disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 60 or implemented by the processor 60.
The processor 60 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 60 or by instructions in the form of software. The processor 60 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be embodied directly as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium mature in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 61; the processor 60 reads the information in the memory 61 and completes the steps of the above method in combination with its hardware.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "installation", "connected" and "connection" shall be understood broadly; for example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific situation.
In the description of the present invention, it should be noted that the orientation or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer" and the like are based on the orientation or positional relationships shown in the drawings, and are used only to facilitate and simplify the description of the present invention, rather than to indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be construed as limiting the present invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate the technical solution of the present invention rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A cluster vulnerability mining method based on an industrial control system, characterized in that it is applied to a server and comprises:
Obtaining attribute information sent by the devices to be tested, wherein the attribute information comprises at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested; there are multiple devices to be tested;
Classifying the devices to be tested based on the attribute information to obtain a classification group, wherein the classification group comprises multiple sub-classification groups;
Sending, based on a load balancing strategy, detection data packets to the devices to be tested in a target sub-classification group among the multiple sub-classification groups, and obtaining a device vulnerability mining result.
2. The method according to claim 1, characterized in that, before obtaining the attribute information sent by the devices to be tested, the method further comprises:
Obtaining a target script, wherein the target script is used to determine the communication protocol specification of the industrial control system;
Generating a probe data packet based on the target script;
Sending the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server in response to the probe data packet.
3. The method according to claim 2, characterized in that sending detection data packets to the devices to be tested in the target classification group based on the load balancing strategy comprises:
Performing a ping reachability scan on each device to be tested at a predetermined period to obtain the ping reachability status information of each device to be tested;
Sending, based on the load balancing strategy, the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
4. The method according to claim 3, characterized in that the method further comprises:
Selecting a target test case based on the target sub-classification group;
Generating the detection data packet based on the target script and the target test case.
5. The method according to claim 2, characterized in that the method further comprises:
Sending the ping reachability status information of each device to be tested and the information of the classification group to a terminal device, so that the terminal device displays the ping reachability status information of each device to be tested and the information of the classification group, wherein the information of the classification group includes the identification information of each sub-classification group and the information of the devices to be tested belonging to each sub-classification group.
6. The method according to claim 1, characterized in that the vulnerability mining result includes vulnerability information of the devices to be tested in which vulnerabilities occur, and the method further comprises:
Counting the vulnerability information in the device vulnerability mining result according to vulnerability severity level to obtain a vulnerability statistics report;
Wherein the vulnerability severity levels include a first vulnerability severity level, a second vulnerability severity level and a third vulnerability severity level, and the severity represented by the first, second and third vulnerability severity levels decreases in that order.
7. A cluster vulnerability mining device based on an industrial control system, characterized in that it is deployed on a server, the device comprising a first acquisition unit, a classification unit and a detection unit, wherein:
The first acquisition unit is configured to obtain attribute information sent by the devices to be tested, wherein the attribute information comprises at least one of the following: the type of the device to be tested, the model of the device to be tested, and the system used by the device to be tested; there are multiple devices to be tested;
The classification unit is configured to classify the devices to be tested based on the attribute information to obtain a classification group, the classification group comprising multiple sub-classification groups;
The detection unit is configured to send, based on a load balancing strategy, detection data packets to the devices to be tested in a target sub-classification group, and to obtain a device vulnerability mining result.
8. The device according to claim 7, characterized in that the device further comprises a second acquisition unit configured to: obtain a target script, wherein the target script is used to determine the communication protocol specification of the industrial control system; and, based on the target script, generate a probe data packet and send the probe data packet to the devices to be tested, so that the devices to be tested send the attribute information to the server in response to the probe data packet.
9. The device according to claim 8, characterized in that the detection unit is further configured to:
Perform a ping reachability scan on each device to be tested at a predetermined period to obtain the ping reachability status information of each device to be tested;
Send, based on the load balancing strategy, the detection data packets to those devices to be tested in the target sub-classification group whose ping reachability status information indicates that they can be pinged.
10. The device according to claim 8, characterized in that the device further comprises a generation unit configured to: select a target test case based on the target sub-classification group; and generate the detection data packet based on the target script and the target test case.
CN201811071595.4A 2018-09-13 2018-09-13 A kind of cluster bug excavation method and device based on industrial control system Pending CN109257348A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811071595.4A CN109257348A (en) 2018-09-13 2018-09-13 A kind of cluster bug excavation method and device based on industrial control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811071595.4A CN109257348A (en) 2018-09-13 2018-09-13 A kind of cluster bug excavation method and device based on industrial control system

Publications (1)

Publication Number Publication Date
CN109257348A true CN109257348A (en) 2019-01-22

Family

ID=65048141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811071595.4A Pending CN109257348A (en) 2018-09-13 2018-09-13 A kind of cluster bug excavation method and device based on industrial control system

Country Status (1)

Country Link
CN (1) CN109257348A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110730180A (en) * 2019-10-17 2020-01-24 杭州安恒信息技术股份有限公司 Portable communication equipment detection instrument and communication equipment detection method
CN112364351A (en) * 2020-12-30 2021-02-12 杭州海康威视数字技术股份有限公司 Device threat discovery method, device, computing device and storage medium
CN118244745A (en) * 2024-05-29 2024-06-25 国家工业信息安全发展研究中心 Equipment detection method, device, server and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8869279B2 (en) * 2011-05-13 2014-10-21 Imperva, Inc. Detecting web browser based attacks using browser response comparison tests launched from a remote source
CN104113443A (en) * 2013-04-19 2014-10-22 中兴通讯股份有限公司 Network equipment detection method, device and cloud detection system
CN106161426A (en) * 2016-06-08 2016-11-23 北京工业大学 A kind of vulnerability scanning method being applied to industry Internet of Things
CN106357664A (en) * 2016-09-30 2017-01-25 北京奇虎科技有限公司 Vulnerability detection method and device
CN106888224A (en) * 2017-04-27 2017-06-23 中国人民解放军信息工程大学 Network safety prevention framework, method and system
CN107566388A (en) * 2017-09-18 2018-01-09 杭州安恒信息技术有限公司 Industry control vulnerability detection method, apparatus and system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190122

RJ01 Rejection of invention patent application after publication