面向工控联网设备的安全管理技术  

作　　者：陈翊璐 孙军 程晟滔 张哲宇 王子博 王佰玲[1,2] CHEN Yi-lu;SUN Jun;CHENG Sheng-tao;ZHANG Zhe-yu;WANG Zi-bo;WANG Bai-ling(School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264209, China;Research Institute of CyberSpace Security, Harbin Institute of Technology, Harbin 150001, China;China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China)

机构地区：[1]哈尔滨工业大学(威海)计算机科学与技术学院,威海264209 [2]哈尔滨工业大学网络空间安全研究院,哈尔滨150001 [3]国家工业信息安全发展研究中心,北京100040

出　　处：《科学技术与工程》2021年第33期14266-14272,共7页Science Technology and Engineering

基　　金：国防基础科研计划(JCKY2019608B001)。

摘　　要：针对工业控制系统中智能化、网络化设备存在的漏洞威胁,展开面向工业控制联网设备的安全管理关键技术研究。联网设备类型的识别是后续获取设备详细信息和漏洞管理的关键,针对无法准确识别人机接口问题,提出一种结合通信长度和周期性特征的设备识别方法;此外,考虑工控漏洞库规模逐步扩大,提出一种多级索引信息匹配的漏洞检索方法。最后,结合联网设备的网络特性、业务特点及安全需求,设计一套适用于工业控制联网设备的安全管理系统。实验结果表明所提方法在设备类型识别准确性与漏洞检索方面有明显改善。In terms of vulnerabilities in intelligent and networked devices in industrial control systems,key technologies for safety management of industrial control networked devices was studied.The recognition of networked devices is the key to subsequent acquisition of detailed device information and vulnerability management.In order to solve the problem that human-machine interface devices cannot be accurately identification,a device recognition method that incorporates communication length and periodic characteristics was proposed.In addition,considering the gradual expansion of the industrial control vulnerability database,a multi-level index information matching method for vulnerability retrieval was explored.Finally,based on the network characteristics,workflow features and security requirements of networked devices,a devices security management system for industrial control network devices was designed.The experimental results demonstrate that the proposed methods improve the device identification accuracy and the performance in vulnerability retrieval significantly.

关 键 词：工业控制系统 联网设备 安全管理 被动解析 主动探测 漏洞库构建 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]