The traditional vulnerability mining methods for information systems require prior knowledge of protocol specifications, which often necessitates developers to invest significant time in learning and comprehending the protocol format for effective development of vulnerability mining test cases. However, in the power industry, industrial control equipment utilizes a multitude of private protocols with undisclosed specifications (unknown protocols). Consequently, the conventional vulnerability mining technology based on prior knowledge cannot be directly applied to these unknown industrial control protocols. To address this issue, this paper proposes a method and system of fuzzy testing for industrial control equipment based on genetic algorithms. The objective is to resolve challenges such as prolonged development periods, inability to test unknown protocols, and low efficiency in conducting vulnerability mining tests on unknown protocol vulnerabilities within industrial control equipment.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Research on Vulnerability Mining Technology of Electric Power Industrial Control Equipment Based on Genetic Algorithm

  • Zhigang Zhang,
  • Bowen Li,
  • Jie Yang,
  • Fangyu Wang

摘要

The traditional vulnerability mining methods for information systems require prior knowledge of protocol specifications, which often necessitates developers to invest significant time in learning and comprehending the protocol format for effective development of vulnerability mining test cases. However, in the power industry, industrial control equipment utilizes a multitude of private protocols with undisclosed specifications (unknown protocols). Consequently, the conventional vulnerability mining technology based on prior knowledge cannot be directly applied to these unknown industrial control protocols. To address this issue, this paper proposes a method and system of fuzzy testing for industrial control equipment based on genetic algorithms. The objective is to resolve challenges such as prolonged development periods, inability to test unknown protocols, and low efficiency in conducting vulnerability mining tests on unknown protocol vulnerabilities within industrial control equipment.