摘要
随着计算机网络技术在工控系统中的应用日益增多,使得工业控制系统被网络中存在的恶意程序或者网络攻击破坏的风险大大增加。因此,如何及时准确地找出工控系统存在的漏洞就显得尤为重要。文章基于CVE工业控制系统漏洞库,借鉴Fuzzing测试、Open VAS等当前主流的漏洞发现技术思想并对其进行改进和提升,设计和开发了工控漏洞发现和分析系统,并搭建工控系统仿真环境对其进行测试,验证了系统的有效性。
As the computer network technology plays a more and more important role in industrial control systems,the risks of destruction from malware or network attacks are greatly increased.Therefore,how to accurately identify the industrial control system vulnerabilities in a timely manner is particularly important.In this paper,Fuzzing test,OpenVAS and other current mainstream discovery techniques are improved and an industrial control vulnerability discovery and analysis system is proposed based on CVE industrial control vulnerabilities library.Simulation results verify the effectiveness of the system.
作者
秦媛媛
朱广宇
田晓娜
陈波
张松清
Qin Yuanyuan;Zhu Guangyu;Tian Xiaona;Chen Bo;Zhang Songqing(The 6th Research Institute of China Electronics Corporation,Beijing 100083,China)
出处
《信息通信技术》
2017年第3期54-59,共6页
Information and communications Technologies