计算机工程与应用 ›› 2019, Vol. 55 ›› Issue (20): 65-72.DOI: 10.3778/j.issn.1002-8331.1808-0217

• 网络、通信与安全 • 上一篇    下一篇

一种针对工控设备的资产探测方法

于新铭,郭燕慧   

  1. 北京邮电大学 网络空间安全学院,北京 100876
  • 出版日期:2019-10-15 发布日期:2019-10-14

Asset Detection Method for Industrial Control Equipment

YU Xinming, GUO Yanhui   

  1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Online:2019-10-15 Published:2019-10-14

摘要: 探测是安全的第一步,对于工控设备资产信息进行有效的探测和获取是实现工业互联网信息监测和安全漏洞发现的重要起点。结合modbus、s7、dnp3和BACnet四种工控协议的通信机制和数据报文结构提出了一种针对运行在不同工控协议上的工控设备的并发进行资产探测的通用方法。通过实验证明,该方法较传统的探测方式在功能上具有通用性,在性能上提高了对工控设备的资产信息探测速率和准确率,可以为工控设备的安全预警、设备检测与维护提供帮助。

关键词: 工业控制系统, 资产探测, 工控协议, 信息安全

Abstract: Detection is the first step of security, and the effective detection and acquisition of the assets information of industrial control equipment is an important starting point for the realization of industrial Internet information monitoring and security vulnerability discovery. This paper combines the communication mechanism and data message structure of four industrial control protocols, modbus, s7, dnp3 and BACnet, to propose a general method for concurrent asset detection for industrial control equipment running on different industrial control protocols. The experimental result proves that the method is more versatile than the traditional detection method, and improves the asset information detection rate and accuracy of the industrial control equipment in performance, which can help the safety warning and equipment detection and maintenance of the industrial control equipment.

Key words: industrial control system, asset detection, industrial control agreement, information safety