CN112528295B - Vulnerability restoration method and device for industrial control system - Google Patents


Info

Publication number
CN112528295B
Authority
CN
China
Prior art keywords
vulnerability
information
target
restoration
bug
Legal status
Active
Application number
CN202011534863.9A
Other languages
Chinese (zh)
Other versions
CN112528295A (en)
Inventor
郭娴
杨佳宁
陈柯宇
杨立宝
Current Assignee
China Industrial Control Systems Cyber Emergency Response Team
Original Assignee
China Industrial Control Systems Cyber Emergency Response Team
Application filed by China Industrial Control Systems Cyber Emergency Response Team
Priority to CN202011534863.9A
Publication of CN112528295A
Application granted
Publication of CN112528295B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/90 Details of database functions independent of the retrieved data types
    • G06F 16/95 Retrieval from the web
    • G06F 16/951 Indexing; Web crawling techniques
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P 90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P 90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The application belongs to the technical field of network security and provides a vulnerability repair method and device for an industrial control system. The vulnerability repair method comprises the following steps: detecting a vulnerability to be repaired that exists in an industrial control system; obtaining target vulnerability information corresponding to the vulnerability to be repaired; searching a pre-constructed vulnerability information base for the corresponding target vulnerability repair tool according to the target vulnerability information, wherein the vulnerability information base records a plurality of preset pieces of known vulnerability information and the vulnerability repair tool corresponding to each piece of known vulnerability information; and repairing the vulnerability to be repaired with the target vulnerability repair tool. Because the vulnerability information base is constructed in advance, the target vulnerability repair tool can be determined from it as soon as the target vulnerability information is acquired, and the vulnerability of the industrial control system is then repaired with that tool.

Description

Vulnerability restoration method and device for industrial control system
Technical Field
The application belongs to the technical field of network security, and particularly relates to a vulnerability restoration method, device, terminal equipment and storage medium of an industrial control system.
Background
With the rapid development of the Internet, the theory of integrating industrialization and informatization has gradually matured, and industrial control systems have gradually adopted open network interconnection technologies and commercial IT standard products. Digital and intelligent development advances industrial production but also brings many potential security hazards. For example, some core embedded devices in industrial production, represented by PLCs, have weak security capabilities, and connecting them to networks clearly increases the risk of industrial control devices being attacked by malicious actors. In recent years, attacks aimed at industrial control systems have been increasing and have exposed serious deficiencies in their security protection, so the information security construction of industrial control systems needs to be accelerated.
Potential security risks should be guarded against in advance, and discovered system vulnerabilities need to be repaired in time. At present, a system vulnerability is manually matched against a repair scheme and the corresponding repair tool is then searched for, but this approach has low repair efficiency, and vulnerabilities that appear outside working hours cannot be repaired promptly, so repair timeliness is poor.
Disclosure of Invention
In view of this, the embodiments of the present application provide a method, an apparatus, a terminal device, and a storage medium for repairing a vulnerability of an industrial control system, which can repair a vulnerability of a system in real time, and improve repair efficiency of the system.
In a first aspect, an embodiment of the present application provides a vulnerability restoration method of an industrial control system, including:
detecting a vulnerability to be repaired existing in an industrial control system;
obtaining target vulnerability information corresponding to the vulnerability to be repaired;
searching a pre-constructed vulnerability information base for the corresponding target vulnerability repair tool according to the target vulnerability information, wherein the vulnerability information base records a plurality of preset pieces of known vulnerability information and the vulnerability repair tool corresponding to each piece of known vulnerability information;
and repairing the vulnerability to be repaired by adopting the target vulnerability repairing tool.
According to the method, the vulnerability information base is constructed in advance, the target vulnerability restoration tool is determined from the vulnerability information base after the target vulnerability information is acquired, and finally, the vulnerability to be restored of the industrial control system is restored through the target vulnerability restoration tool.
Further, the vulnerability information library is constructed by the following steps:
crawling all known vulnerability information of the industrial control system and a vulnerability restoration scheme of each known vulnerability information through a network, wherein the vulnerability restoration scheme records a vulnerability restoration tool corresponding to the corresponding known vulnerability information;
crawling the download links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
downloading all the vulnerability restoration tools through the downloading link, and constructing the vulnerability information base according to all the known vulnerability information and all the downloaded vulnerability restoration tools.
By utilizing the technology of the web crawler, known vulnerability data published by a designated website are crawled, then vulnerability restoration tools corresponding to each piece of known vulnerability information are obtained from the known vulnerability data and downloaded, and finally a vulnerability information base is constructed according to the known vulnerability information and the vulnerability restoration tools, so that when the same vulnerability appears in an internal industrial control system, the vulnerability restoration tools are matched in time and the vulnerability restoration is carried out.
Further, the obtaining the target vulnerability information corresponding to the vulnerability to be repaired includes:
acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
and determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifiers.
After the vulnerability to be repaired is detected, the log information of the industrial control system is obtained and analysed to extract each vulnerability information identifier it contains, and the target vulnerability information corresponding to the vulnerability to be repaired is determined from those identifiers.
Further, if no corresponding target vulnerability repair tool is found in the vulnerability information base according to the target vulnerability information, an information input button is displayed on an interface of the vulnerability repair system;
if a target operation instruction of the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
after an information storage instruction is detected, new vulnerability information input in the vulnerability information input box is obtained, and the new vulnerability information is added into the vulnerability information base.
The target vulnerability information may not be recorded in the vulnerability information base, or may be recorded under a different name, so that no corresponding target vulnerability repair tool can be found in the base. In that case the user can click the information input button to add or modify the target vulnerability information; after it is saved it is synchronously updated into the vulnerability information base, and when the vulnerability appears again the corresponding target vulnerability repair tool can be found directly in the base, which improves the efficiency and reliability of vulnerability repair.
Further, after detecting the target operation instruction to the information input button, before displaying the vulnerability information input box corresponding to the type of the target operation instruction, the method further comprises:
acquiring user identity information of a current login of the vulnerability restoration system;
if the user identity information belongs to preset identity information corresponding to each type of target operation instruction, executing the step of displaying a vulnerability information input box corresponding to the type of the target operation instruction and the subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to the target operation instructions of each type, outputting indication information of the current user unauthorized operation.
Different user identity information carries different operation authorities. After a user clicks the information input button, the system therefore determines whether the user identity currently logged in to the vulnerability repair system has authority to execute the target operation instruction. Only after that authority is confirmed is the vulnerability information input box corresponding to the target operation instruction displayed, and the vulnerability information is stored and updated into the vulnerability information base once an information storage instruction is detected; if the user identity does not have the corresponding authority, prompt information indicating an unauthorized operation by the current user is output. Confirming the user identity before executing the operation instruction improves the security of vulnerability information and the accuracy of updates, and so the robustness of the vulnerability repair system.
Further, obtaining vulnerability repair historical data of the industrial control system recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
and displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
When a vulnerability to be repaired in the industrial control system is detected and its repair is completed, the vulnerability repair system records repaired and unrepaired vulnerability data. To let users intuitively understand the current repair situation of the system, the repaired and unrepaired vulnerability data of the industrial control system can be converted into chart form and displayed in the interface of the vulnerability repair system, improving the visualization of the data.
In a second aspect, an embodiment of the present application provides a vulnerability restoration device of an industrial control system, including:
the vulnerability information acquisition module is used for detecting vulnerabilities to be repaired existing in the industrial control system;
the target vulnerability information acquisition module is used for acquiring target vulnerability information corresponding to the vulnerability to be repaired;
the target vulnerability restoration tool searching module is used for searching corresponding target vulnerability restoration tools from a pre-constructed vulnerability information base according to the target vulnerability information, and a plurality of preset known vulnerability information and vulnerability restoration tools corresponding to each known vulnerability information are recorded in the vulnerability information base;
and the vulnerability restoration module is used for restoring the vulnerability to be restored by adopting the target vulnerability restoration tool.
Further, the device further comprises:
the system comprises a known vulnerability data crawling module, a vulnerability restoration module and a vulnerability restoration module, wherein the known vulnerability data crawling module is used for crawling all known vulnerability information of the industrial control system and a vulnerability restoration scheme of each known vulnerability information through a network, and the vulnerability restoration scheme records a vulnerability restoration tool corresponding to the corresponding known vulnerability information;
the download link crawling module is used for crawling download links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
and the vulnerability information base construction module is used for downloading each vulnerability restoration tool through the download link and constructing the vulnerability information base according to each piece of known vulnerability information and each downloaded vulnerability restoration tool.
In a third aspect, an embodiment of the present application provides a terminal device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the vulnerability repair method of an industrial control system according to the first aspect of the embodiments of the present application when it executes the computer program.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program which, when executed by a processor, implements the vulnerability repair method of an industrial control system as set forth in the first aspect of the embodiments of the present application.
Compared with the prior art, the embodiment of the application has the beneficial effects that: the system loopholes can be repaired in real time, and the repair efficiency of the system is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required for the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a vulnerability restoration method of an industrial control system according to an embodiment of the present application;
FIG. 2 is a block diagram of a vulnerability restoration device of an industrial control system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a terminal device provided in an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular device structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The terminology used in the following embodiments is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in the specification and the appended claims, the singular forms "a", "an" and "the" are intended to include "one or more" unless the context clearly indicates otherwise. It should also be understood that in embodiments of the present application, "one or more" means one, two or more than two; "and/or" describes an association relationship between the associated objects and indicates that three relationships may exist; for example, "A and/or B" may represent A alone, A and B together, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the objects on either side are in an "or" relationship.
The vulnerability restoration method of the industrial control system provided by the embodiments of the application can be applied to terminal devices or servers such as mobile phones, tablet computers, medical devices, wearable devices, augmented reality (AR)/virtual reality (VR) devices, notebook computers, ultra-mobile personal computers (UMPC), netbooks and personal digital assistants (PDA); the specific types of the terminal devices and servers are not limited.
Industrial control systems are widely used in many fields of national and civil life. With the rapid development of the Internet age, the integration of industrialization and informatization is becoming ever closer; informatization plays a very important role in the production, operation and management of industrial enterprises, and the information systems and informatization equipment developed for the business and security of industrial enterprises keep increasing. From a technical point of view, as the network environment keeps changing and growing more complex and enterprise informatization keeps deepening, information security risks grow, and the probability of security threats reaching communication systems and trusted devices through the Internet increases. Critical infrastructures such as energy and electric power have become key targets of hacking; the attack surface faced by industrial control systems keeps growing, attacks are becoming more precise, security threats are increasingly serious, and they gradually penetrate the key fields of industrial production and national economic life.
Potential security risks should be guarded against in advance, and discovered system vulnerabilities need to be repaired in time. At present, a system vulnerability is manually matched against a repair scheme and the corresponding repair tool is then searched for, but this approach has low repair efficiency, and vulnerabilities that appear outside working hours cannot be repaired promptly, so repair timeliness is poor. To address this problem, the application provides a vulnerability repair method for an industrial control system, so that detected vulnerabilities can be repaired in real time.
Referring to fig. 1, fig. 1 shows a flowchart of a vulnerability restoration method of an industrial control system provided in the present application, including:
101. detecting a vulnerability to be repaired existing in an industrial control system;
First, a vulnerability to be repaired that exists in the industrial control system is detected; specifically, it can be found by scanning with a vulnerability scanner. The execution body of this embodiment may be a terminal device on which a vulnerability repair system is installed. The vulnerability scanner is a module of the vulnerability repair system and is mainly used to scan the enterprise's industrial control system for vulnerabilities. The vulnerability repair system further comprises three other modules: a construction module for the vulnerability information base, which is mainly used to build the vulnerability information base for repairing vulnerabilities of the enterprise's industrial control system; a vulnerability repair module, which uses the vulnerability repair tools provided by the vulnerability information base to repair the vulnerabilities found by the vulnerability scanner; and a data visualization output module, which displays the data for users in a designated interface in chart form.
102. Obtaining target vulnerability information corresponding to the vulnerability to be repaired;
After the vulnerability to be repaired in the industrial control system is detected, the target vulnerability information corresponding to it is obtained; the target vulnerability information may include the vulnerability name, device manufacturer, vulnerability type, hazard level, vulnerability description and so on.
In one embodiment, the target vulnerability information corresponding to the vulnerability to be repaired may be obtained by:
acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
and determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifiers.
The log information of the industrial control system is acquired through the system log, the syslog protocol or the simple network management protocol (SNMP). After the log information is acquired, it needs to be analysed to obtain the target vulnerability information corresponding to the vulnerability to be repaired. Specifically, analysing the log information yields each vulnerability information identifier contained in it, and the target vulnerability information of the vulnerability to be repaired can then be determined from those identifiers.
103. Searching a pre-constructed vulnerability information base for the corresponding target vulnerability repair tool according to the target vulnerability information, wherein the vulnerability information base records a plurality of preset pieces of known vulnerability information and the vulnerability repair tool corresponding to each piece of known vulnerability information;
By pre-constructing a vulnerability information base that records known vulnerability information and the vulnerability repair tool corresponding to each piece of known vulnerability information, the corresponding target vulnerability repair tool can be queried from the base according to the target vulnerability information once that information has been obtained.
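As an added illustration of steps 102 and 103 (example code written for this page, not code from the patent or its applicant), the following Python parses constructed syslog lines such as a scanner in the repair system might emit, extracts CVE, CNVD and ICS-CERT advisory identifiers from the message part, and looks each one up in a small constructed vulnerability information base. Identifiers with no entry are returned separately, which is the case the description later handles through manual input. The identifier formats, the sample log lines, the vulnerability entries and the tool file names are all assumptions made for the example.

```python
import re

# Constructed vulnerability information base of the kind the method pre-builds:
# identifier -> vulnerability information plus the matching repair tool. The
# identifiers, names and tool file names are made up for this example.
VULN_INFO_BASE = {
    "CVE-2020-00001": {
        "name": "Example PLC web interface authentication bypass",
        "vendor": "ExampleVendor",
        "type": "authentication bypass",
        "severity": "high",
        "repair_tool": "examplevendor-plc-fw-2.1.bin",
    },
    "CNVD-2020-00002": {
        "name": "Example HMI weak default credentials",
        "vendor": "OtherVendor",
        "type": "weak credentials",
        "severity": "medium",
        "repair_tool": "othervendor-hmi-harden.sh",
    },
}

# Identifier formats the log analyser recognises (CVE, CNVD and ICS-CERT advisory ids).
ID_PATTERNS = [
    re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    re.compile(r"\bCNVD-\d{4}-\d{4,}\b", re.IGNORECASE),
    re.compile(r"\bICSA-\d{2}-\d{3}-\d{2}\b", re.IGNORECASE),
]

# Constructed RFC 3164-style syslog lines; hosts are private-range addresses chosen
# for the example, and the scanner program name is invented.
SAMPLE_LOG = [
    "<134>Dec 22 10:15:01 ics-scanner vulnscan[412]: host=10.0.5.21 result=VULNERABLE id=CVE-2020-00001",
    "<134>Dec 22 10:15:02 ics-scanner vulnscan[412]: host=10.0.5.22 result=VULNERABLE id=CNVD-2020-00002 ref=cve-2020-00001",
    "<134>Dec 22 10:15:03 ics-scanner vulnscan[412]: host=10.0.5.23 result=VULNERABLE id=ICSA-20-001-01",
    "<134>Dec 22 10:15:04 ics-scanner vulnscan[412]: host=10.0.5.24 result=CLEAN",
]

SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<tag>\S+): (?P<msg>.*)$")


def parse_syslog(line):
    """Split one syslog line into priority, timestamp, host, tag and message; None if malformed."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def extract_identifiers(log_lines):
    """Vulnerability identifiers found in the message parts, upper-cased, de-duplicated,
    in order of first appearance. Lines that are not valid syslog are skipped."""
    found = []
    for line in log_lines:
        rec = parse_syslog(line)
        if rec is None:
            continue
        for pat in ID_PATTERNS:
            for ident in pat.findall(rec["msg"]):
                ident = ident.upper()
                if ident not in found:
                    found.append(ident)
    return found


def lookup_repair_tools(identifiers, info_base):
    """Map each identifier to its recorded repair tool. Identifiers absent from the base
    are returned separately so the system can fall back to manual input."""
    matched, unmatched = {}, []
    for ident in identifiers:
        entry = info_base.get(ident)
        if entry is None:
            unmatched.append(ident)
        else:
            matched[ident] = {"name": entry["name"], "repair_tool": entry["repair_tool"]}
    return matched, unmatched


def plan_repairs(log_lines, info_base=VULN_INFO_BASE):
    """Steps 102 and 103 end to end: log -> identifiers -> (tools to run, identifiers to handle manually)."""
    return lookup_repair_tools(extract_identifiers(log_lines), info_base)
```

Running `plan_repairs(SAMPLE_LOG)` on the constructed log matches the first two identifiers to their tools and reports the ICS-CERT advisory as unmatched. Upper-casing before lookup handles the "different name" case in the limited sense of differing letter case; an alias table in the base would be needed for genuinely different naming schemes.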
In one embodiment, the vulnerability information library may be constructed by:
crawling all known vulnerability information of the industrial control system and a vulnerability restoration scheme of each known vulnerability information through a network, wherein the vulnerability restoration scheme records a vulnerability restoration tool corresponding to the corresponding known vulnerability information;
crawling downloading links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
downloading all the vulnerability restoration tools through the downloading link, and constructing the vulnerability information base according to all the known vulnerability information and all the downloaded vulnerability restoration tools.
A web crawler, also called a "web spider", is a technique that discovers web pages by their link addresses: starting from a page of a website, it reads the page content, finds the other link addresses in that page, and then fetches the next pages through those addresses, looping in this way until all web pages have been crawled according to a certain policy. Using this technique, known vulnerability information published by the major authoritative vulnerability disclosure websites is collected as an important part of constructing the vulnerability information base, providing a mature solution for vulnerability repair of industrial control systems. The vulnerability disclosure websites may be platforms such as exploit-db, the critical infrastructure security emergency response center ICS-CERT and the national information security vulnerability sharing platform CNVD. exploit-db is a vulnerability submission platform for hackers worldwide; it publishes information on the latest vulnerabilities, and the disclosed information can help enterprises improve their security posture and help security researchers and penetration test engineers carry out security testing. For a vulnerability to be repaired, what is needed is a vulnerability repair tool that can repair it.
Therefore, after crawling all known vulnerability information and the repairing schemes of each known vulnerability information, the downloading links of all vulnerability repairing tools recorded in the schemes can be further crawled according to the vulnerability repairing schemes, all vulnerability repairing tools are downloaded through the downloading links, and finally a vulnerability information base can be constructed according to the corresponding relations between all known vulnerability information and all downloaded vulnerability repairing tools.
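An added example of the information-base construction described above, written for this page rather than taken from the patent or its applicant: a standard-library HTML parser extracts identifier, name, vendor and repair-tool download links from a constructed advisory listing, resolves the links, "downloads" each tool from an in-memory store standing in for HTTP, and records a tool in the base only if its SHA-256 matches the digest published with the advisory. The markup shape, the advisory contents, the URLs under advisories.example and the integrity check itself are assumptions; the page does not say how downloaded tools are verified, but a base whose contents will later be pushed onto industrial devices should not accept a download it cannot verify.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed advisory listing. The markup is invented for this example and is not the
# layout of exploit-db, ICS-CERT or CNVD. Each advisory carries an identifier, a name,
# a vendor and a repair-tool link annotated with the tool's published SHA-256.
ADVISORY_TEMPLATE = """<html><body>
<div class="advisory" data-id="CVE-2020-00001">
  <h2>Example PLC web interface authentication bypass</h2>
  <p class="vendor">ExampleVendor</p>
  <p class="fix">Apply firmware 2.1: <a href="/files/plc-fw-2.1.bin" data-sha256="%s">download</a></p>
</div>
<div class="advisory" data-id="CNVD-2020-00002">
  <h2>Example HMI weak default credentials</h2>
  <p class="vendor">OtherVendor</p>
  <p class="fix">Hardening script: <a href="/files/hmi-harden.sh" data-sha256="%s">download</a></p>
</div>
</body></html>"""

# Constructed repair-tool contents, and what a download of each link actually returns.
GOOD_FIRMWARE = b"constructed firmware image for plc-fw-2.1"
GOOD_SCRIPT = b"#!/bin/sh\n# constructed hardening script\n"
FILE_STORE = {
    "https://advisories.example/files/plc-fw-2.1.bin": GOOD_FIRMWARE,
    # Served bytes differ from the published digest: a stale or tampered download.
    "https://advisories.example/files/hmi-harden.sh": GOOD_SCRIPT + b"echo modified\n",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


ADVISORY_HTML = ADVISORY_TEMPLATE % (sha256_hex(GOOD_FIRMWARE), sha256_hex(GOOD_SCRIPT))


def fake_fetch(url):
    """Stands in for an HTTP download so the example runs offline."""
    return FILE_STORE[url]


class AdvisoryParser(HTMLParser):
    """Collects id, name, vendor and tool links from each <div class="advisory">."""

    def __init__(self):
        super().__init__()
        self.advisories = []
        self._current = None
        self._field = None  # "name" or "vendor" while inside the matching element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "div" and a.get("class") == "advisory":
            self._current = {"id": a.get("data-id"), "name": "", "vendor": "", "tool_links": []}
        elif self._current is None:
            return
        elif tag == "h2":
            self._field = "name"
        elif tag == "p" and a.get("class") == "vendor":
            self._field = "vendor"
        elif tag == "a" and "href" in a:
            self._current["tool_links"].append((a["href"], a.get("data-sha256")))

    def handle_endtag(self, tag):
        if tag == "div" and self._current is not None:
            self.advisories.append(self._current)
            self._current = None
        elif tag in ("h2", "p"):
            self._field = None

    def handle_data(self, data):
        if self._current is not None and self._field is not None:
            self._current[self._field] += data.strip()


def crawl_advisories(html, base_url):
    """Parse one listing page and resolve relative download links against base_url."""
    parser = AdvisoryParser()
    parser.feed(html)
    for adv in parser.advisories:
        adv["tool_links"] = [(urljoin(base_url, href), digest) for href, digest in adv["tool_links"]]
    return parser.advisories


def build_info_base(advisories, fetch):
    """Download each tool and record it only if its SHA-256 matches the advisory.
    Returns (info_base, rejected); rejected lists (identifier, url) pairs that failed."""
    info_base, rejected = {}, []
    for adv in advisories:
        tools = []
        for url, expected in adv["tool_links"]:
            data = fetch(url)
            actual = sha256_hex(data)
            if expected is None or actual != expected:
                rejected.append((adv["id"], url))
                continue
            tools.append({"url": url, "sha256": actual, "size": len(data)})
        info_base[adv["id"]] = {"name": adv["name"], "vendor": adv["vendor"], "repair_tools": tools}
    return info_base, rejected
```

Calling `build_info_base(crawl_advisories(ADVISORY_HTML, "https://advisories.example/"), fake_fetch)` records the firmware for the first advisory and rejects the hardening script for the second because the served bytes do not match the published digest; the rejected list is what an operator would review before the entry is ever used for repair.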
Although a great deal of known vulnerability information is recorded in the vulnerability information base, the target vulnerability information may use a different name, so that no corresponding target vulnerability repair tool is found, or it may describe a newly discovered vulnerability, so that no corresponding target vulnerability repair tool exists in the base. To improve the robustness of the vulnerability repair system when this occurs, in one embodiment the vulnerability repair method may further include:
if no corresponding target vulnerability repair tool is found in the vulnerability information base according to the target vulnerability information, displaying an information input button on an interface of the vulnerability repair system;
if a target operation instruction of the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
after an information storage instruction is detected, new vulnerability information input in the vulnerability information input box is obtained, and the new vulnerability information is added into the vulnerability information base.
If no corresponding target vulnerability repair tool can be found in the vulnerability information base according to the target vulnerability information, an information input button can be displayed on the interface of the vulnerability repair system. The user can then click an information input button, so that the vulnerability repair system detects a target operation instruction for that button and displays the vulnerability information input box corresponding to the type of the target operation instruction. The type of the target operation instruction may be add, modify or view. If the type is add, an empty vulnerability information input box is displayed; if the type is modify, a vulnerability information input box containing the known vulnerability information to be modified is displayed, and the user can click the corresponding input box to edit its content; if the type is view, a vulnerability information input box containing the known vulnerability information to be viewed is displayed, but its content cannot be edited and can only be read.
After the user has finished adding or editing, the save button is clicked, an information save instruction is detected, and the new vulnerability information entered in the vulnerability information input box is obtained and updated into the vulnerability information base. Once the base has been updated, when the target vulnerability information of a vulnerability to be repaired matches the updated vulnerability information, the corresponding target vulnerability repair tool can be obtained directly from the base for repair. It should be noted that some vulnerability information recorded in the base may concern vulnerabilities that have been completely eliminated and will not appear again; such entries should be cleaned up in time to keep the vulnerability information in the base accurate. Therefore the type of the target operation instruction may also be delete: when a delete instruction is received, a deletion confirmation is issued, and only when the deletion confirmation is received is the corresponding vulnerability information deleted from the vulnerability information base.
To ensure the security of the vulnerability information, in one embodiment, after a target operation instruction for the information input button is detected and before the vulnerability information input box corresponding to the type of the target operation instruction is displayed, the method further includes:
acquiring the user identity information currently logged in to the vulnerability restoration system;
if the user identity information belongs to the preset identity information corresponding to that type of target operation instruction, executing the step of displaying the vulnerability information input box corresponding to the type of the target operation instruction and the subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to that type of target operation instruction, outputting indication information that the current user is not authorized for the operation.
Assigning the permission for each type of target operation instruction to specific identity information improves the security of the vulnerability information. Specifically, the user identity information currently logged in to the vulnerability repair system is obtained and then confirmed, that is, matched against the preset identity information corresponding to each type of target operation instruction. If the match succeeds, the step of displaying the vulnerability information input box corresponding to the type of the target operation instruction and the subsequent steps are executed; if the match fails, that is, the current user identity is not authorized to issue that target operation instruction, corresponding prompt information is output as feedback. The relationship between each type of target operation instruction and the preset identity information may be as shown in Table 1.
TABLE 1
[Table 1 is reproduced only as an image (Figure SMS_1) in the original; it lists, for each item of preset identity information, which types of target operation instruction that identity is permitted to operate.]
Note: a 'V' indicates that the corresponding preset identity information has permission to operate the corresponding type of target operation instruction.
Further, to avoid the situation in which the target vulnerability repair tool cannot be found from the target vulnerability information because vulnerability information is classified inconsistently, in one embodiment the known vulnerability information can be reclassified after crawling and before storage; likewise, the target vulnerability information is reclassified after it is obtained and only then is the target vulnerability repair tool searched for. Unifying the classification standard of the vulnerability information improves both the accuracy and the efficiency of the search. The specific classification rules are: classification by vulnerability grade, which sorts the collected vulnerability information into high risk, medium risk and low risk; classification by vulnerability type, which includes privilege escalation vulnerabilities, denial of service vulnerabilities, buffer overflow vulnerabilities, directory traversal vulnerabilities, command injection vulnerabilities and other categories; and classification by vulnerability vendor, which groups the vulnerable devices by their manufacturer. After reclassification, the classified data can be counted, converted into chart form and displayed in the vulnerability restoration system, and a comprehensive analysis of the classified data can help enterprises select equipment better suited to them. For example, the target vulnerabilities of the highest grade are determined first and then analysed jointly with the equipment manufacturer; if a certain manufacturer has the largest number of devices with highest-grade vulnerabilities, whether to choose better equipment instead can be considered, further improving the information security of the industrial control system.
104. Repairing the vulnerability to be repaired by using the target vulnerability repair tool.
After the target vulnerability repair tool is obtained, it can be used to repair the vulnerability to be repaired. The whole process can be completed automatically, which improves both the timeliness and the efficiency of vulnerability repair.
In order to let the user know the state of vulnerability repair, the vulnerability repair method may further include:
obtaining vulnerability repair historical data of the industrial control system recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
and displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
When a vulnerability to be repaired in the industrial control system is detected and its repair is completed, the vulnerability repair system records the repaired and unrepaired vulnerability data. So that the user can intuitively understand the current repair state of the system, the repaired and unrepaired vulnerability data of the industrial control system are converted into chart form and displayed in the interface of the vulnerability repair system, improving the visualisation of the data.
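The patent gives no code, so the following Python is an added example (not the applicant's implementation) that runs the flow described above end to end: identifiers are parsed out of log lines (step 102), each is looked up in a pre-built vulnerability information base to find its repair tool (step 103), the repaired/unrepaired history behind the chart is recorded, the add/modify/delete operations on the base are gated by the Table 1 style identity check (including the deletion confirmation), and the grade and vendor counts used for the classification charts are computed. The log format, the CVE-style identifier pattern, the role names, the permission assignments and all sample records are assumptions constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# One record of the vulnerability information base. The patent stores known
# vulnerability information together with its repair tool; grade, type and
# vendor are the three classification rules it names. Field names are assumed.
@dataclass(frozen=True)
class KnownVuln:
    vuln_id: str      # identifier as it appears in the logs (CVE style assumed)
    grade: str        # "high", "medium" or "low"
    vuln_type: str    # e.g. "privilege escalation", "denial of service"
    vendor: str       # equipment manufacturer
    repair_tool: str  # downloaded repair tool (constructed file name)

# Stand-in for Table 1, which the page shows only as an image: which preset
# identity may issue which type of target operation instruction (assumption).
PERMISSIONS: Dict[str, Set[str]] = {
    "viewer": {"view"},
    "operator": {"view", "add", "modify"},
    "administrator": {"view", "add", "modify", "delete"},
}

# Assumed identifier format; the patent does not specify one.
VULN_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")


class VulnRepairSystem:
    def __init__(self, base: List[KnownVuln]):
        self.base: Dict[str, KnownVuln] = {v.vuln_id: v for v in base}
        self.repaired: List[Tuple[str, str]] = []  # (vuln_id, tool) pairs
        self.unrepaired: List[str] = []             # no tool found in the base

    def identifiers_from_logs(self, log_lines: List[str]) -> List[str]:
        """Step 102: parse the log information and return each distinct identifier."""
        found: List[str] = []
        for line in log_lines:
            for vuln_id in VULN_ID_RE.findall(line):
                if vuln_id not in found:
                    found.append(vuln_id)
        return found

    def find_tool(self, vuln_id: str) -> Optional[str]:
        """Step 103: look the target vulnerability information up in the base."""
        entry = self.base.get(vuln_id)
        return entry.repair_tool if entry else None

    def repair_from_logs(self, log_lines: List[str]) -> Dict[str, list]:
        """Steps 102-104: decide which tool repairs which vulnerability and record
        the history the chart is built from. Executing the downloaded tool is
        outside this example; the plan is returned instead."""
        for vuln_id in self.identifiers_from_logs(log_lines):
            tool = self.find_tool(vuln_id)
            if tool is None:
                self.unrepaired.append(vuln_id)  # UI would now show the input button
            else:
                self.repaired.append((vuln_id, tool))
        return {"repaired": list(self.repaired), "unrepaired": list(self.unrepaired)}

    def update_base(self, identity: str, operation: str,
                    entry: Optional[KnownVuln] = None,
                    vuln_id: Optional[str] = None,
                    confirmed: bool = False) -> str:
        """Identity check (Table 1) before the input box is shown, then the
        add / modify / delete of the vulnerability information base."""
        if operation not in PERMISSIONS.get(identity, set()):
            return "unauthorized operation"
        if operation in ("add", "modify"):
            if entry is None:
                return "no vulnerability information entered"
            self.base[entry.vuln_id] = entry
        elif operation == "delete":
            if not confirmed:
                return "confirmation required"  # the deletion confirmation prompt
            self.base.pop(vuln_id, None)
        return "ok"

    def classification_stats(self) -> Dict[str, Dict[str, int]]:
        """Counts behind the charts: entries per grade, and highest-grade entries
        per vendor for the joint vulnerability/manufacturer analysis."""
        by_grade = Counter(v.grade for v in self.base.values())
        high_by_vendor = Counter(v.vendor for v in self.base.values()
                                 if v.grade == "high")
        return {"by_grade": dict(by_grade), "high_by_vendor": dict(high_by_vendor)}


# Constructed sample base and log lines; identifiers, vendors, device names and
# tool names are placeholders, not real vulnerabilities or products.
SAMPLE_BASE = [
    KnownVuln("CVE-0000-1001", "high", "privilege escalation", "VendorA", "patch_a.bin"),
    KnownVuln("CVE-0000-1002", "medium", "denial of service", "VendorA", "patch_b.bin"),
    KnownVuln("CVE-0000-1003", "high", "buffer overflow", "VendorB", "patch_c.bin"),
]
SAMPLE_LOGS = [
    "2020-12-22 10:00:01 scanner: device plc-01 affected by CVE-0000-1001",
    "2020-12-22 10:00:02 scanner: device hmi-02 affected by CVE-0000-1003",
    "2020-12-22 10:00:03 scanner: device plc-01 affected by CVE-0000-1001",
    "2020-12-22 10:00:04 scanner: device rtu-07 affected by CVE-0000-1009",
]

if __name__ == "__main__":
    system = VulnRepairSystem(SAMPLE_BASE)
    print(system.repair_from_logs(SAMPLE_LOGS))
    print(system.classification_stats())
```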
According to the method, the vulnerability information base is constructed in advance, the target vulnerability repair tool is determined from the vulnerability information base after the target vulnerability information is acquired, and finally, the vulnerability to be repaired of the industrial control system is repaired through the target vulnerability repair tool.
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers do not limit the implementation of the embodiments of the present application in any way.
Fig. 2 is a block diagram of a vulnerability restoration device of an industrial control system according to an embodiment of the present application, and for convenience of explanation, only a portion related to the embodiment of the present application is shown.
Referring to fig. 2, the apparatus includes:
the vulnerability information acquisition module 201 is configured to detect a vulnerability to be repaired existing in the industrial control system;
a target vulnerability information obtaining module 202, configured to obtain target vulnerability information corresponding to the vulnerability to be repaired;
the target bug fix tool searching module 203 is configured to search a corresponding target bug fix tool from a pre-constructed bug information base according to the target bug information, where a plurality of preset known bug information and bug fix tools corresponding to each known bug information are recorded in the bug information base;
And the bug fix module 204 is configured to fix the bug to be repaired by using the target bug fix tool.
Further, the apparatus may further include:
a known vulnerability data crawling module, configured to crawl all known vulnerability information of the industrial control system and the vulnerability restoration scheme of each piece of known vulnerability information through a network, where the vulnerability restoration scheme records the vulnerability restoration tool corresponding to that known vulnerability information;
the download link crawling module is used for crawling download links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
and the vulnerability information base construction module is used for downloading each vulnerability restoration tool through the download link and constructing the vulnerability information base according to each piece of known vulnerability information and each downloaded vulnerability restoration tool.
Further, the target vulnerability information obtaining module 202 may include:
the log information acquisition unit is used for acquiring log information of the industrial control system;
the vulnerability information identification acquisition unit is used for analyzing the log information to obtain each vulnerability information identification contained in the log information;
And the target vulnerability information determining unit is used for determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifiers.
Further, the apparatus may further include:
the information input button display module is used for displaying an information input button on an interface of the vulnerability restoration system if a corresponding target vulnerability restoration tool is not found from the vulnerability information base according to the target vulnerability information;
the vulnerability information input box display module is used for displaying a vulnerability information input box corresponding to the type of the target operation instruction if the target operation instruction of the information input button is detected;
and the vulnerability information base updating module is used for acquiring new vulnerability information input in the vulnerability information input box after detecting the information storage instruction and adding the new vulnerability information into the vulnerability information base.
Further, the apparatus may further include:
the user identity acquisition module is used for acquiring user identity information currently logged in the vulnerability restoration system before displaying a vulnerability information input box corresponding to the type of the target operation instruction after detecting the target operation instruction of the information input button;
A user identity confirmation first module, configured to execute a step of displaying a vulnerability information input box corresponding to a type of the target operation instruction and a subsequent step if the user identity information belongs to preset identity information corresponding to the target operation instruction of each type;
and the user identity confirmation second module is used for outputting indication information of the current user unauthorized operation if the user identity information does not belong to preset identity information corresponding to the target operation instructions of each type.
Further, the apparatus may further include:
a historical data acquisition module, configured to acquire the vulnerability restoration historical data of the industrial control system recorded by the vulnerability restoration system, where the vulnerability restoration historical data comprises restored vulnerability data and unrepaired vulnerability data of the industrial control system;
the historical data display module is used for displaying repaired vulnerability data and unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
The embodiment of the application also provides a terminal device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the steps of the vulnerability restoration method of each industrial control system as proposed by the application when executing the computer program.
The embodiments of the present application also provide a computer readable storage medium storing a computer program, which when executed by a processor, implements the steps of the vulnerability restoration method of each industrial control system as set forth in the present application.
The embodiment of the application also provides a computer program product, when the computer program product runs on the terminal equipment, the terminal equipment is caused to execute the steps of the vulnerability restoration method of each industrial control system.
Fig. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 3, the terminal device 3 of this embodiment includes: at least one processor 30 (only one shown in fig. 3), a memory 31 and a computer program 32 stored in the memory 31 and executable on the at least one processor 30, the processor 30 implementing the steps in any of the browser-driven configuration method embodiments described above when executing the computer program 32.
The terminal device 3 may be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server, and a wearable device such as a smart watch and a smart bracelet. The terminal device may include, but is not limited to, a processor 30, a memory 31. It will be appreciated by those skilled in the art that fig. 3 is merely an example of the terminal device 3 and does not constitute a limitation of the terminal device 3, and may include more or less components than illustrated, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.
The processor 30 may be a central processing unit (Central Processing Unit, CPU); the processor 30 may also be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 31 may in some embodiments be an internal storage unit of the terminal device 3, such as a hard disk or memory of the terminal device 3. The memory 31 may in other embodiments also be an external storage device of the terminal device 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card) or the like provided on the terminal device 3. Further, the memory 31 may also include both an internal storage unit and an external storage device of the terminal device 3. The memory 31 is used for storing an operating system, application programs, a boot loader (BootLoader), data and other programs, such as the program code of the computer program. The memory 31 may also be used for temporarily storing data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above device may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Each of the foregoing embodiments is described with its own emphasis; for parts that are not detailed or illustrated in a particular embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application implements all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a terminal device, a recording medium, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunication signal, and a software distribution medium. Such as a U-disk, removable hard disk, magnetic or optical disk, etc.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (7)

1. A method for bug fixes in an industrial control system, comprising:
detecting a vulnerability to be repaired existing in an industrial control system;
obtaining target vulnerability information corresponding to the vulnerability to be repaired;
searching a corresponding target bug fix tool from a pre-constructed bug information base according to the target bug information, wherein a plurality of preset known bug information and bug fix tools corresponding to each known bug information are recorded in the bug information base;
repairing the vulnerability to be repaired by adopting the target vulnerability repairing tool;
the obtaining the target vulnerability information corresponding to the vulnerability to be repaired specifically includes:
Acquiring log information of the industrial control system;
analyzing the log information to obtain each vulnerability information identifier contained in the log information;
determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifiers;
the vulnerability information base is constructed by the following steps:
crawling all known vulnerability information of the industrial control system and a vulnerability restoration scheme of each known vulnerability information through a network, wherein the vulnerability restoration scheme records a vulnerability restoration tool corresponding to the corresponding known vulnerability information;
crawling downloading links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
downloading each vulnerability restoration tool through the download link;
classifying the known vulnerability information based on preset classification rules, wherein the classification rules comprise classification rules based on vulnerability grades, classification rules based on vulnerability types and classification rules based on vulnerability manufacturers;
and constructing the vulnerability information base according to the classified known vulnerability information and the downloaded vulnerability repair tools.
2. The vulnerability restoration method of claim 1, further comprising:
If the corresponding target bug fix tool is not found from the bug information base according to the target bug information, displaying an information input button on an interface of a bug fix system;
if a target operation instruction of the information input button is detected, displaying a vulnerability information input box corresponding to the type of the target operation instruction;
after an information storage instruction is detected, new vulnerability information input in the vulnerability information input box is obtained, and the new vulnerability information is added into the vulnerability information base.
3. The vulnerability restoration method of claim 2, after detecting a target operation instruction to the information input button, before displaying a vulnerability information input box corresponding to the type of the target operation instruction, further comprising:
acquiring user identity information of a current login of the vulnerability restoration system;
if the user identity information belongs to preset identity information corresponding to each type of the target operation instruction, executing the step of displaying a vulnerability information input box corresponding to the type of the target operation instruction and the subsequent steps;
and if the user identity information does not belong to the preset identity information corresponding to the target operation instructions of each type, outputting indication information of the current user unauthorized operation.
4. The vulnerability remediation method of claim 2, further comprising:
Obtaining vulnerability repair historical data of the industrial control system recorded by the vulnerability repair system, wherein the vulnerability repair historical data comprises repaired vulnerability data and unrepaired vulnerability data of the industrial control system;
and displaying the repaired vulnerability data and the unrepaired vulnerability data of the industrial control system in a chart form in an interface of the vulnerability repair system.
5. A vulnerability restoration apparatus for an industrial control system, comprising:
the vulnerability information acquisition module is used for detecting vulnerabilities to be repaired existing in the industrial control system;
the target vulnerability information acquisition module is used for acquiring target vulnerability information corresponding to the vulnerability to be repaired;
the target vulnerability restoration tool searching module is used for searching corresponding target vulnerability restoration tools from a pre-constructed vulnerability information base according to the target vulnerability information, and a plurality of preset known vulnerability information and vulnerability restoration tools corresponding to each known vulnerability information are recorded in the vulnerability information base;
the vulnerability restoration module is used for restoring the vulnerability to be restored by adopting the target vulnerability restoration tool;
The target vulnerability information acquisition module comprises:
the log information acquisition unit is used for acquiring log information of the industrial control system;
the vulnerability information identification acquisition unit is used for analyzing the log information to obtain each vulnerability information identification contained in the log information;
the target vulnerability information determining unit is used for determining target vulnerability information corresponding to the vulnerability to be repaired according to the vulnerability information identifiers;
the vulnerability restoration device further comprises:
a known vulnerability data crawling module, configured to crawl all known vulnerability information of the industrial control system and the vulnerability restoration scheme of each piece of known vulnerability information through a network, where the vulnerability restoration scheme records the vulnerability restoration tool corresponding to that known vulnerability information;
the download link crawling module is used for crawling download links of all vulnerability restoration tools recorded in all vulnerability restoration schemes through a network;
the repair tool downloading module is used for downloading each vulnerability repair tool through the downloading link;
the vulnerability information classification module is used for classifying the known vulnerability information based on preset classification rules, wherein the classification rules comprise classification rules based on vulnerability grades, classification rules based on vulnerability types and classification rules based on vulnerability manufacturers;
And the vulnerability information base construction module is used for constructing and obtaining the vulnerability information base according to the classified known vulnerability information and the downloaded vulnerability repair tools.
6. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the vulnerability restoration method of any one of claims 1-4 when executing the computer program.
7. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the vulnerability restoration method of any one of claims 1 to 4.
CN202011534863.9A 2020-12-22 2020-12-22 Vulnerability restoration method and device for industrial control system Active CN112528295B (en)
Publications (2)

Publication Number Publication Date
CN112528295A CN112528295A (en) 2021-03-19
CN112528295B true CN112528295B (en) 2023-05-02
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant