Abstract
Detection is the first step in security; effectively detecting and acquiring asset information for industrial control equipment is an important starting point for industrial Internet information monitoring and security vulnerability discovery. Drawing on the communication mechanisms and data message structures of four industrial control protocols (Modbus, S7, DNP3 and BACnet), this paper proposes a general method for concurrent asset detection of industrial control devices running on different industrial control protocols. Experiments show that, compared with traditional detection approaches, the method is general in function and improves the speed and accuracy of asset information detection for industrial control devices, and that it can support security early warning, device detection and maintenance for industrial control equipment.
Authors
YU Xinming; GUO Yanhui (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China)
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2019, Issue 20, pp. 65-72 (8 pages)
Funding
National 242 Information Security Program
Keywords
industrial control system
asset detection
industrial control protocol
information security