[1] ZHENG Tie-jun, WANG Qi, ZHANG Hong-jie, et al. Stateless Industrial Control Equipment Asset Detection Method Based on Combined Scanning[J]. Computer Technology and Development, 2023, 33(07): 98-103. [doi:10.3969/j.issn.1673-629X.2023.07.015]

Stateless Industrial Control Equipment Asset Detection Method Based on Combined Scanning

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
33
Issue:
2023, No. 07
Pages:
98-103
Column:
Mobile and Internet of Things Networks
Publication date:
2023-07-10

Article Information/Info

Title:
Stateless Industrial Control Equipment Asset Detection Method Based on Combined Scanning
Article number:
1673-629X(2023)07-0098-06
Author(s):
ZHENG Tie-jun 1, WANG Qi 2,3, ZHANG Hong-jie 1, HE Jian-wei 1, YONG Shao-hua 4, SUN Zhi-xin 5
1. State Grid Ningxia Electric Power Co., Ltd., Yinchuan 750010, China;
2. State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China;
3. State Grid Key Laboratory of Information & Network Security, Nanjing 210003, China;
4. State Grid Zhongwei Electric Power Supply Company, Zhongwei 755099, China;
5. School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
Keywords:
industrial control system; asset detection; industrial control equipment; port scanning; asynchronous processing
Classification number:
TP393
DOI:
10.3969/j.issn.1673-629X.2023.07.015
Abstract:
Comprehensively detecting the asset information of industrial control equipment and understanding asset status is an important prerequisite for ensuring the security of industrial control systems. Port liveness detection is the first step of asset detection, and its accuracy and efficiency directly affect the performance of asset detection. To improve the speed and accuracy of port liveness detection, an asynchronous stateless port scanning method based on combined scanning is proposed. By constructing combined scanning packets, the method solves the problem that host liveness detection accuracy is reduced when industrial control equipment prohibits ping. At the same time, a packet-sending thread and a packet-receiving thread are established to process the combined scanning packets asynchronously, which eliminates the reply waiting time of traditional stateless scanning and shortens the port liveness detection time. Finally, taking the Modbus protocol as an example, the asset request packet is constructed, and the main fields and functions in the packet are analyzed. The test results show that the proposed asset detection method can detect more equipment per unit time in the port liveness detection stage and can complete the detection of complete asset information in a shorter time, improving both detection accuracy and detection time.


Last Update: 2023-07-10