Research And Optimization Of Harmless Industrial Control Systems Vulnerability Scanning Technology

Posted on: 2024-06-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Liu
GTID: 2568307079960009
Subject: Cyberspace security
Abstract/Summary:
With the acceleration of digitalization and automation in the industrial control industry, the intelligence level of industrial control systems is constantly improving. Although this development can improve production efficiency, reduce costs, improve product quality, and reduce human error, it also brings a series of network security risks, the most prominent of which is network attacks targeting vulnerabilities in industrial control equipment. Industrial equipment vulnerabilities are defects in the design of industrial control system software, hardware, or communication protocols. Hackers can use these defects to pose a serious threat to the production processes and business operations of control vendors. Because of the special nature of work in the control industry, industrial control systems cannot be maintained and updated as frequently as regular IT systems, and daily operations place extremely high demands on the real-time performance and reliability of the system. Once a system is under attack, the result ranges from economic losses at the least to disruption of normal social order at the most. However, mainstream vulnerability scanning systems target vulnerabilities in Internet devices, which makes it difficult for them to detect control vulnerabilities when applied directly to control equipment. Frequent vulnerability scanning and verification may also affect the normal operation of control systems. Therefore, it is necessary to study harmless vulnerability scanning methods for control systems. This thesis analyzes in depth the shortcomings of existing device identification and vulnerability matching methods, proposes targeted improvements, and improves identification accuracy while making the methods more suitable for control systems. The specific work is as follows:

(1) A machine learning-based passive device identification method is proposed to address two problems of existing device identification methods: their impact on control networks, and complex, time-consuming matching. This method extracts features from complete TCP streams, generates device fingerprints in combination with the MAC address OUI, and uses machine learning methods to identify devices in control traffic. Experimental results show that this identification method effectively improves the accuracy of device identification.

(2) A WFN-based approximate matching algorithm is proposed to address the vulnerability underreporting and false reporting caused by incorrect matching in existing vulnerability matching methods. During vulnerability matching, this algorithm converts the CPE URI format into the WFN format and uses the Jaro similarity algorithm to calculate the similarity between WFN sub-properties. Experimental results show that this matching algorithm effectively reduces the vulnerability underreporting and false reporting caused by matching errors.

(3) Combining the proposed research methods, this thesis designs and implements a harmless industrial control vulnerability scanning system. The system provides basic functions such as user management, asset identification, and vulnerability matching, is developed on a B/S architecture, and allows users to operate it through a web page. Finally, compared with other passive scanning tools, this system achieves higher accuracy while improving scanning efficiency, and the effectiveness of the system is verified by testing each function from the user's perspective.
Keywords/Search Tags:Industrial Control System, Harmless Vulnerability Scanning, Passive Device Identification, WFN-based Approximate Matching
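
The WFN-based approximate matching of item (2), sketched as an added example that is not code from the thesis: a CPE 2.2 URI is unbound into WFN attributes, and vendor and product are compared with Jaro similarity. The simplified unbinding, the exact-version rule, the `min` scoring, the 0.85 threshold and the sample CPE names are all assumptions made for illustration.

```python
from urllib.parse import unquote
WFN_ATTRS = ("part", "vendor", "product", "version", "update", "edition", "language")

def cpe_uri_to_wfn(uri):
    """Simplified unbinding of a CPE 2.2 URI into a WFN-style attribute dict."""
    if not uri.lower().startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    fields = uri[5:].split(":") + [""] * len(WFN_ATTRS)
    # Empty component -> logical ANY, "-" -> logical NA, otherwise the decoded string.
    special = {"": "ANY", "-": "NA"}
    return {k: special.get(v, unquote(v).lower()) for k, v in zip(WFN_ATTRS, fields)}

def jaro(s1, s2):
    """Jaro similarity in [0, 1]; 1.0 means identical strings."""
    if s1 == s2:
        return 1.0
    window = max(max(len(s1), len(s2)) // 2 - 1, 0)
    used, m1 = [False] * len(s2), []
    for i, ch in enumerate(s1):
        for j in range(max(0, i - window), min(len(s2), i + window + 1)):
            if not used[j] and s2[j] == ch:
                used[j] = True
                m1.append(ch)
                break
    if not m1:
        return 0.0
    m2 = [c for c, u in zip(s2, used) if u]
    t = sum(a != b for a, b in zip(m1, m2)) / 2  # transpositions
    m = len(m1)
    return (m / len(s1) + m / len(s2) + (m - t) / m) / 3

def wfn_score(asset, entry):
    """Assumed rule: version must agree exactly (or be ANY); vendor and product are fuzzy."""
    v = (asset["version"], entry["version"])
    if "ANY" not in v and v[0] != v[1]:
        return 0.0  # a near-miss on version is a different release, not a typo
    pairs = [(asset[k], entry[k]) for k in ("vendor", "product")]
    return min(1.0 if "ANY" in p else jaro(*p) for p in pairs)

def match(asset_uri, dictionary_uris, threshold=0.85):
    """Return (score, uri) for dictionary entries that approximately match the asset."""
    asset = cpe_uri_to_wfn(asset_uri)
    scored = [(round(wfn_score(asset, cpe_uri_to_wfn(u)), 3), u) for u in dictionary_uris]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

# Constructed sample data: a passively fingerprinted asset and a small CPE dictionary.
ASSET = "cpe:/h:acme_controls:plc-x200:2.1"
DICTIONARY = ["cpe:/h:acme-controls:plc_x200:2.1", "cpe:/h:acme-controls:plc_x200:3.0",
              "cpe:/h:acme-controls:plc_x200", "cpe:/h:other_vendor:rtu-9:2.1"]
```

An exact string comparison would miss every entry here because of the `_`/`-` spelling differences; calling `match(ASSET, DICTIONARY)` returns the 2.1 entry and the version-less entry and rejects the 3.0 release and the unrelated vendor.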