Computer Science ›› 2015, Vol. 42 ›› Issue (11): 212-216. doi: 10.11896/j.issn.1002-137X.2015.11.044
JIANG Wei-wei, LIU Guang-jie and DAI Yue-wei
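Abstract: The vulnerability of industrial control network communication protocols is the main factor that exposes industrial control networks to attack. Modbus TCP is a typical communication protocol for industrial control networks. Building on a vulnerability analysis of the Modbus TCP protocol, typical anomalous behaviors are classified in combination with Snort's detection mechanism, and a Snort template for detecting anomalous Modbus TCP data flows is proposed. The Modbus TCP analysis and the rule-template design method can also be extended to networks based on other industrial control protocols, and therefore have a degree of general applicability.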