
Research On PLC Vulnerability Mining Of Wind Turbine

Posted on: 2019-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
Full Text: PDF
GTID: 2382330548978301
Subject: Electronics and Communications Engineering

Abstract/Summary:
In recent years, industrial control security incidents have occurred frequently, and industrial control system (ICS) security has received wide attention. This paper first analyzes the background from two angles: industrial control security incidents and statistics of industrial control system vulnerabilities. Taking the wind turbine control network as an example, the distribution of vulnerabilities is analyzed from the point of view of its structure. Combined with this analysis, we know that the PLC is the key component of an industrial control system and that PLC security problems are very serious, so we choose vulnerability mining of the wind turbine PLC as our subject and carry out the research. Our work includes:

1. The vulnerability of wind turbines is studied. The security incidents and vulnerabilities of ICS are analyzed. Based on research results on MW-class wind turbine controllers, we choose the wind turbine PLC as the vulnerability mining object and analyze its characteristics and vulnerability risk in detail; this forms the basis for the research on the vulnerability mining method.

2. A guided fuzzing method based on dynamic taint analysis is designed. The method takes the protocol server in the PLC firmware as its research object and uses dynamic taint analysis (DTA) to trace how the program processes protocol packets and to identify the sensitive fields in those packets that may trigger a vulnerability. Quantitative rules based on risk weight are designed for these sensitive fields: the risk grade of each sensitive field is marked by a risk weight, and the magnitude of the risk weight determines the degree and priority of mutation for the fuzzing test cases. This improves the accuracy of the fuzzing test cases and the efficiency of PLC vulnerability mining.

3. The PLC_TaintFuzzer system is implemented. The simulation environment is built with the QEMU emulator and the fuzzing is performed with the Peach fuzzing framework; together they form the PLC_TaintFuzzer vulnerability mining system. The former generates the guiding information and the latter generates the fuzzing test cases and performs the fuzzing.

4. A comparative vulnerability mining test on the wind turbine PLC is presented. By comparing the experimental data of plain Peach with that of PLC_TaintFuzzer, the efficiency of vulnerability mining with the PLC_TaintFuzzer designed in this paper is demonstrated.
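The risk-weight idea in item 2 can be illustrated with a small simulation. The following Python example is added here and is not part of the thesis or of PLC_TaintFuzzer: it assumes that a taint-analysis pass has already reported which protocol fields reach which sensitive operations (sinks), turns those reports into a per-field risk weight, splits a fixed mutation budget across fields in proportion to that weight, and emits boundary-value test cases for the highest-risk fields first. The sink categories, the weight table, the depth discount, the packet layout and the sample taint records are all constructed assumptions, not values from the thesis.

```python
"""Taint-guided fuzz case prioritisation (illustrative, constructed data).

Pipeline: taint records -> per-field risk weight -> mutation budget per
field -> boundary-value test cases, highest-weight field first.
"""
from dataclasses import dataclass

# Assumed sink classes and their weights; a real system would derive the
# table from the firmware's sensitive APIs. Higher = more likely to crash.
SINK_WEIGHTS = {
    "memcpy_length": 5,   # tainted value controls a copy length
    "array_index": 4,     # tainted value indexes a buffer
    "format_string": 4,   # tainted bytes reach a format argument
    "loop_bound": 3,      # tainted value bounds a loop
    "compare_only": 1,    # tainted byte only feeds an equality check
}


@dataclass
class TaintRecord:
    """One taint-analysis finding: packet field `field` reached sink `sink`
    after `depth` propagation steps (0 = used directly)."""
    field: str
    sink: str
    depth: int


# Constructed packet layout: field name -> (byte offset, size in bytes).
LAYOUT = {"magic": (0, 2), "func": (2, 1), "length": (3, 2),
          "flags": (5, 1), "payload": (6, 4)}
# Constructed baseline packet that the target is known to accept.
SAMPLE_PACKET = b"\xa5\x5a\x01\x00\x04\x00\xde\xad\xbe\xef"
# Constructed taint records, as a DTA pass over the server might report.
SAMPLE_RECORDS = [
    TaintRecord("length", "memcpy_length", 0),
    TaintRecord("func", "compare_only", 0),
    TaintRecord("length", "loop_bound", 2),
    TaintRecord("flags", "array_index", 1),
    TaintRecord("magic", "compare_only", 0),
]


def risk_weight(records, sink_weights=SINK_WEIGHTS):
    """Sum sink weights per field, discounting sinks reached after many
    propagation steps (assumed 10% per step)."""
    weights = {}
    for r in records:
        w = sink_weights.get(r.sink, 0) / (1 + 0.1 * r.depth)
        weights[r.field] = weights.get(r.field, 0.0) + w
    return weights


def allocate_cases(weights, budget):
    """Split `budget` test cases across fields proportional to weight.
    Fields the taint pass never flagged get no budget; rounding leftovers
    go to the top-ranked field. Result is ordered by descending weight."""
    total = sum(weights.values())
    if total == 0:
        return {}
    ordered = sorted(weights.items(), key=lambda kv: kv[1], reverse=True)
    alloc = {name: int(budget * w / total) for name, w in ordered}
    leftover = budget - sum(alloc.values())
    alloc[ordered[0][0]] += leftover
    return alloc


def boundary_values(size):
    """Classic boundary values for an unsigned big-endian field of `size` bytes."""
    bits = 8 * size
    top = (1 << bits) - 1
    return [0, 1, top, top - 1, 1 << (bits - 1), (1 << (bits - 1)) - 1]


def generate_cases(baseline, layout, alloc):
    """Produce (field, packet) pairs: each field gets `alloc[field]` cases,
    cycling through its boundary values (a real fuzzer would add random
    mutations once the boundary list is exhausted)."""
    cases = []
    for name, count in alloc.items():
        off, size = layout[name]
        vals = boundary_values(size)
        for i in range(count):
            mutated = bytearray(baseline)
            mutated[off:off + size] = vals[i % len(vals)].to_bytes(size, "big")
            cases.append((name, bytes(mutated)))
    return cases


if __name__ == "__main__":
    weights = risk_weight(SAMPLE_RECORDS)
    alloc = allocate_cases(weights, budget=20)
    for name, n in alloc.items():
        print(f"{name:8s} weight={weights[name]:5.2f} cases={n}")
    for name, pkt in generate_cases(SAMPLE_PACKET, LAYOUT, alloc)[:3]:
        print(name, pkt.hex())
```

With the constructed records the `length` field dominates (it reaches both a copy length and a loop bound), so it receives most of the budget and is mutated first, while `payload`, which no taint record mentions, is skipped entirely; that is the prioritisation effect the abstract attributes to the risk weight.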
Keywords/Search Tags: PLC, Vulnerability Mining, Dynamic Taint Analysis, Fuzzing