计算机工程 (Computer Engineering) ›› 2019, Vol. 45 ›› Issue (8): 92-101. doi: 10.19678/j.issn.1000-3428.0051265

• Architecture and Software Technology •

Research on Penetration Testing Tool for Industrial Control System

ZHOU Weiping (1), YANG Weiyong (2), WANG Xuehua (1), MAO Bing (1)

  1. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China;
  2. Nanjing NARI Information and Communication Technology Co., Ltd., Nanjing 210000, China
  • Received: 2018-04-18  Revised: 2018-08-04  Online: 2019-08-15  Published: 2019-08-08
  • About the authors: ZHOU Weiping (born 1992), male, master's student; main research area: industrial control systems. YANG Weiyong, professor-level senior engineer. WANG Xuehua, master's student. MAO Bing, professor and doctoral supervisor.
  • Funding: National Natural Science Foundation of China (61272078); State Grid Corporation of China Science and Technology Project (SGHE0000KXJS1700079).

Abstract: In order to improve the penetration testing efficiency of an Industrial Control System (ICS), ensure its security and reliability, and enhance the system's security protection ability, this paper constructs a penetration testing tool framework for ICS based on shell interaction technology and implements it in Python. It designs a hierarchical network detection module and system detection module, and uses protocol parsing and reverse engineering for vulnerability testing of industrial control protocols. It also studies vulnerability exploitation methods specific to the industrial control environment and designs a fuzz testing module for vulnerability mining and detection on test targets. On this basis, penetration attack scripts are written according to template rules, following the approach of the open-source Metasploit framework. Simulation results show that this design can improve the detection efficiency for ICS and reduce the difficulty of protocol vulnerability detection, while having a simple structure that is easy to extend.

Key words: Industrial Control System (ICS), vulnerability, penetration testing, protocol reverse engineering, fuzz testing
