Design And Realization Of Scanning Platform Of Industrial Control System Based On Stateless Connection

As all countries in the world are striving to enter the industrial 4.0 era,industrial control equipment such as PLCs are gradually connected to the Internet,which not only improves the efficiency of industrial production but also realizes the intelligentization of industrial production and control.However,many problems brought about by the outbreak of"Stuxnet" virus have raised the industrial network security to the level of national security.For industrial network attack and defense,we must first identify the industrial control equipment in cyberspace,so it is very important to scan and identify the assets of industrial equipment in cyberspace.At present,the industrial control system scanning method uses a combination of ZMap and NMap,uses ZMap to detect the port,and then identifies the device information through NMap.However,this scanning method has a defect that the scanning speed is reduced due to the need to establish a complete TCP connection.Based on the combination of ZMap and NMap,this thesis improves and optimizes the process of scanning identification,and uses stateless connection to scan and identify the industrial control system.ICSMap is designed and implemented,which greatly improves the scanning efficiency.ICSMap supports scanning of more than a dozen industrial control protocols and support customize scan scripts to make using ICSMap more flexible.At the same time,aiming at a large number of industrial control honeypots distributed in cyberspace,this thesis summarizes and extracts the characteristics of various types of industrial control honeypots.A random forest model is proposed to identify the industrial control honeypots distributed in cyberspace.According to the experimental results,the ICSMap implemented in this thesis can scan and identify the target through more than ten kinds of industrial control protocols,and the scanning speed has been significantly improved compared with the combination of ZMap and NMap.At the same time,through the training of random forest model,the scan results of ICSMap can be classified.The classification results show that the model can effectively identify the industrial honeypot distributed in cyberspace.