基于混合测试的工控系统攻击测试模拟方法研究

Research on attack test simulation method of industrial control system based on hybrid testing

近些年工业控制系统逐步向通用化、标准化发展,原有封闭性和专有性被打破,造成易被攻击,各种渗透、病毒、木马等安全威胁向工控领域迅速扩散,导致了日益严重的信息安全问题。文章结合渗透测试技术,在传统网络攻击测试模拟基础上,设计并实现工控系统攻击测试模拟方法。该方法包含三个功能:一是提出一种基于攻击期望的攻击路径生成算法;二是实现基于白盒和黑盒测试的漏洞攻击测试模拟;三是结合工业以太网基于特征码进行请求应答通信的特征,对工控设备进行信息探测。这种方法具有三个优势:从不同角度提供工控系统攻击试验模拟;无需对攻击建模分析;系统操作简单。实验结果显示,与传统探测工具相比,基于该方法实现的系统检测率更高。

In recent years,industrial control systems have gradually developed towards generalization and standardization.The original closeness and exclusiveness have been broken,which makes them vulnerable to attack.Various security threats such as penetration,virus and Trojan horse have spread rapidly to the field of industrial control,resulting in increasingly serious information security problems.Based on penetration test technology and traditional network attack test simulation,this paper designs and implements an attack test simulation method for industrial control system.This method includes three functions:one is to propose an attack path generation algorithm based on attack expectation;the other is to realize vulnerability test simulation based on white-box and black-box test;the third is to detect the information of industrial control equipment by combining the characteristics of industrial Ethernet based on signature-based request-response communication.This method has three advantages:providing attack test simulation of industrial control system from different angles;no need for attack modeling and analysis;and simple operation of the system.The experimental results show that the detection rate of the system based on this method is higher than that of the traditional detection tools.