Design And Implementation Of Vulnerability Scanning System For Industrial Control System

The development of automation,intelligence and network of industrial control system breaks the original security boundary of industrial control system and introduces a lot of security risks.Traditional security protection means,for example,traditional vulnerability scanning technology,can find the information of vulnerability in it network equipment,so as to strengthen network security,but it is not applicable in industrial control environment.Therefore,it has important theoretical significance and practical value to study the implementation of vulnerability scanning technology in the industrial control environment.In order to improve the security protection ability of the industrial control system,this paper studies the vulnerability scanning technology in the industrial environment,puts forward the vulnerability scanning model in the industrial environment,and realizes the industrial control vulnerability scanning system based on the study of the device type identification technology,the analysis of the industrial control protocol and the construction of the industrial control vulnerability database.First of all,in order to clarify the requirements of the industrial control vulnerability scanning system,this paper analyzes the functional and non-functional requirements of the system,draws the overall business flow chart of the industrial control vulnerability scanning system,and clarifies the roles involved in the system and the flow of each function realization.Secondly,in order to obtain more abundant asset information of devices more safely,this paper studies the hierarchical identification technology and HMI identification method used in the passive detection module of vulnerability scanning system.In order to obtain the level information of the equipment,firstly,according to the architecture of industrial control system,a kind of equipment level recognition algorithm based on the communication relationship between nodes is proposed.The algorithm obtains the level information of the equipment by calculating the communication logic between nodes.However,the accuracy of the algorithm is low in the industrial scenario of control layer interconnection.In order to solve this problem,this paper proposes an improved hierarchical recognition algorithm based on the communication relationship between layers,and the experimental results show that the accuracy has improved significantly.In addition,on the basis of hierarchical recognition,in order to identify HMI devices from process layer devices,this paper proposes an algorithm based on the characteristics of communication periodicity and communication length.Experiments show that the algorithm is more reliable than the conventional method which only uses communication length to judge HMI devices.Thirdly,in order to obtain the detailed asset information and vulnerability information of the device,this paper studies the active detection and vulnerability identification modules in the vulnerability scanning model.For the active detection module,in order to solve the problem of less research on the identification method of industrial control protocol equipment,this paper deeply analyzes the S7 protocol and Ethernet/IP protocol,and puts forward the active detection and identification method of these two types.In addition,for the vulnerability identification module,aiming at the lack of research on the construction and matching methods of the industrial control vulnerability database,this paper establishes the industrial control vulnerability database.In order to achieve fast matching,it studies the index number and index term used in the construction of the vulnerability database.Finally,this paper proposes a multi-level index matching algorithm,and compares it with AC algorithm.The experiment shows that the algorithm has a higher matching rate in the industrial control system.Finally,the paper designs and implements the industrial control vulnerability scanning system,and shows the architecture and test results of the device detection module and vulnerability scanning module in the system.