
Design Of Industrial Safety Situational Awareness System Based On Network Topology And Device Discovery

Posted on: 2019-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: S P Zhou
GTID: 2518306473453074
Subject: Control Engineering

Abstract/Summary:
With the continuous development of industrial Internet systems and the intelligent manufacturing industry, the security problems of industrial control systems and products are becoming more and more prominent. Industrial control security incidents are increasing worldwide, and the security situation of industrial control systems is becoming increasingly severe. To improve the security capability of an industrial control system, it is very important to quickly discover its overall security situation. However, existing security products cannot meet this need. To grasp the security situation of an industrial control system quickly and comprehensively, a security situation awareness system is designed that is based on network topology discovery and on detection of ports and operating system types. The main contents of this paper are as follows:

(1) A cross-layer network topology discovery algorithm based on multi-protocol fusion is studied and designed. The advantages and disadvantages of various network topology discovery methods are studied and analyzed. By combining the advantages of protocols such as SNMP, OSPF and LLDP, a multi-protocol fusion network topology discovery algorithm that considers both the network layer and the link layer is designed, to improve the accuracy of the connection relationships found between devices and the adaptability to complex network systems.

(2) The detection of device ports and operating system types in the industrial control network is designed and implemented. Fully connected and semi-connected (half-open) scan modes are used to detect the device ports in the target system. TCP/IP protocol stack fingerprinting is used to detect the operating system types of the devices in the target system. Through analysis of Nmap fingerprint information and extensive collection, a TCP/IP protocol stack fingerprint library for proprietary devices is built, which supports fingerprint detection of 9620 devices.

(3) A vulnerability database for industrial control equipment is designed and built. Web crawlers are built to collect vulnerability data from well-known information security sources such as NVD, CNNVD and ICS-CERT, and the collected data are used as the raw data for the vulnerability repository. Following the CWE system and drawing on ontology design ideas, the original vulnerability data are classified and screened, yielding a multi-source fused device vulnerability database that effectively supports the search for potential vulnerabilities.

(4) A fully functional industrial safety situational awareness system is designed and implemented. The system mainly includes network topology discovery, detection of device ports and operating system types, and potential vulnerability search. A detailed system construction scheme is given, and network topology discovery, device port and operating system detection, and vulnerability matching are experimentally verified and analyzed on an actual system. The experimental results show that multi-protocol fusion topology discovery improves the correctness of the discovered topology without affecting performance. The system detects device information well and matches potential vulnerabilities, so that the security situation of the industrial control system is reflected.
Keywords/Search Tags:industrial control system, security situation awareness, network topology discovery, device detection, vulnerability matching