Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Yang Zhong-yi

Abstract:Network Vulnerability Scanner has become an indispensable tool for security administrators.Based on the current network vulnerability scanning tools inadequate,the paper gives the Web-based network vulnerability scanning system that is more adapt to security administrators.

Engineering,Computer Science

Dinghua Wang,Dongqin Feng

DOI: https://doi.org/10.1109/iaeac.2018.8577543

2018-01-01

Abstract:Supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of supervisory control and data acquisition system was analyzed, combining common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and proposed an intrusion detection model based on graphical features. The time series of message transmission were visualized, extracting the vertex coordinates and various graphic area features to constitute a new data set, and obtained classification model of intrusion detection through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. IEC 60870-5-104 protocol which is widely used in power systems had been taken as an example. The results of tests have good effectiveness.

Meng Sun,Qi Wang,Jue He,Huailin Huang,Yu Huang,Xiaojie Shen,Yaohui Xiao,Suchun Fan

DOI: https://doi.org/10.1088/1742-6596/2290/1/012036

2022-01-01

Journal of Physics Conference Series

Abstract:Abstract Power system network is an important guarantee for the smooth operation of power enterprises. Considering the current automatic network vulnerability scanning method of power system, the detection rate of network vulnerability scanning is low due to its poor scheduling ability. Therefore, this paper designs a new automatic scanning method for network vulnerabilities in power system. According to the infrastructure of power system network vulnerability scanner, the power system web page interaction behavior recognition model is constructed to complete the power system web page interaction behavior recognition. On this basis, the power system network scanning scheduling algorithm is designed. Combined with genetic algorithm, the variation process of power system network vulnerabilities is determined, the power system network security situation is determined, the power system network scanning scheduling and vulnerability mining are realized, and the design of power system network leakage automatic scanning method is completed. The experimental link is constructed to verify this method. The verification shows that this method can effectively improve the detection rate of network vulnerability scanning and the efficiency of vulnerability scanning to a certain extent.

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Alaa T. AL Ghazo,Ratnesh Kumar

DOI: https://doi.org/10.1109/tsmc.2023.3345254

2024-01-01

IEEE Transactions on Systems, Man, and Cybernetics: Systems

Abstract:Supervisory control and data acquisition (SCADA) and industrial control systems (ICSs) are designed to operate for extended periods of time and can withstand extreme conditions. However, operators, engineers, and offices change over time, which can lead to outdated documentation and references. This can make it difficult to identify system components and their vulnerabilities, which can pose a security risk. In this article, we present an automated passive method for identifying system components based on network traffic structure and network message characteristics. The proposed approach considers both TCP/IP and Modbus, the two primary communication protocols in SCADA, to identify devices. The algorithm was implemented in Python and evaluated using water treatment SCADA data collected from the iTrust facility. Once the system devices have been identified, the algorithm queries the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) databases to identify each device’s known vulnerabilities. Using our research on automated attack graph generation and visualization (A2G2V) and strongly connected component induced min label cut (SCCiMLC), we can map device vulnerabilities to system-level attack graphs and identify the bare minimum of device vulnerabilities to mitigate in order to secure the entire system. The proposed technique has been demonstrated to be beneficial in identifying system components in SCADA and ICS systems to increase their security.

automation & control systems,computer science, cybernetics

Qi Wang,Xiaojian Zhang,Qigui Yao

DOI: https://doi.org/10.1088/1755-1315/645/1/012087

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:Abstract As one kind of the industrial control networks, the increasing complexity of the advancing smart grid makes the network security risks greatly increased. Thus, it is necessary to ensure the safety of system. This paper proposed an efficient and low-cost comprehensive vulnerability scanning scheme. Considering the idea of non-intrusive detection without additional flow, the passive detection is proposed associated with PROFINET real-time protocol used in ICS. To reduce the redundant and save resource, fusion detection and connectionless detection are suggested separately adapted to Modbus TCP of ICS which utilizes TCP/IP model. Then passive detection and two activate detections are adopted at different frequencies. The analysis results show that the proposed technique has higher efficiency, lower cost and improves the scanning concealment.

Jiang Zhen

Abstract:The paper introduces the current severe situation of the Web security, and brings up the necessity to design Web vulnerability scanning software. Then it analyzes Web crawler, construction of website structure tree, and detection methods of SQL injection, XSS, integer overflow and URL redirection, which provides a guarantee for developing the system successfully. The paper also describes the software architecture and the design of modules. The final testing results prove that the software is able to detect the common types of vulnerabilities rapidly and comprehensively. The software has been published.

Computer Science

赖维莹,陈秀真,李建华

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.18.056

2008-01-01

Abstract:The paper proposes a novel active vulnerability detection system based on C/S mode.This system is composed of two modules:agentand console.The detection agent, which is a vulnerability scanner based on OVAL Schema, can give an effective and all-sided vulnerability scan aswell as reporting the result to the console without any damage to the network.At the same time, the console realizes remote control against theprocess of scans on several computers and gathering of scan results of the whole network.The test result proves that this system is feasible andadvanced.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

耿哲,王秀美,王继龙,于洪奎

DOI: https://doi.org/10.3969/j.issn.1006-2475.2004.11.010

2004-01-01

Abstract:This paper analyzes the importance of network vulnerabilities scanner in the field of network security and its principles of implementation.The strong points of free network vulnerabilities scanner Nessus outgoing other products are presented.Also,the design and implementation of Web-based network vulnerabilities scan system based-on Nessus are given.

Zun-ying QIN,Guo-dong LI,Wei LI,Xu-chang HUANG

2013-01-01

Abstract:A universal and multi-mode OSPF vulnerability detection system was designed based on analysis and research of OSPF vulnerability.The system implements denial of service attack model with the method of forging entity router and man-in-middle attack model with zero-copy technology.The method combining SNMP and bypass monitoring was adopted to achieve real-time monitoring of test results.Finally,the system proves the vulnerability of different types of routing equipments in the test environment and the vulnerability hazards were analyzed quantitatively.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan

DOI: https://doi.org/10.1007/s10796-008-9111-6

2008-01-01

Information Systems Frontiers

Abstract:Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct potential attack paths with strong operation power of relational database management system. The testing results from a series of experiments show that this system has the advantages of a low false positive rate, short running periods, and little impact on the performance of audited systems and good scalability. The security vulnerabilities, undetectable if assessed individually in a network, are discovered without the need to simulate attacks. It is shown that the NetScope system is well suited for vulnerability assessment of large-scale computer networks such as campus networks and enterprise networks. Moreover, it can also be easily integrated with other security tools based on relational databases.

Chen Weihua,Jiang Quanyuan,Cao Yijia

DOI: https://doi.org/10.1109/ipec.2005.207004

2005-01-01

Abstract:With the increasing utilization of HVDC system, security assessment of HVDC system has become a hot topic. This paper presents a novel approach using the framework of vulnerability to assess HVDC system security. First, equivalent models of HVDC systems, based on Markov model and logical diagram, are built to solve "dimension disaster" problem. Second, the risk index is used as an indicator of the level of security, and its sensitivity to a changing system parameter is used as an indicator of its trend. These two indicators are combined to determine the degree of HVDC system vulnerability to contingent disturbances. Finally, artificial neural network (ANN) is applied to the fast pattern recognition and classification of system vulnerability status. A case of Gezhouba-Shanghai HVDC system in China is presented to verify correctness and effectiveness of the approach.

CHEN Xiu-zhen,LI Jian-hua

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.09.004

2007-01-01

Abstract:The main intention of vulnerability assessment technology is to find existed vulnerabilities hidden in the networked systems by active probing and to provide corresponding solutions before hackers exploit them. It is based on the idea of nip in the bud. The most vulnerability assessment systems have shortcomings of high false rate, long-term scanning period and using exploit code. Aimed at these shortcomings, a novel model of vulnerability assessment based on open vulnerability assessment language is proposed in this paper. The proposed system consists of three modules: central console, checking agent and data center, which corporate to achieve vulnerability assessment. Compared with other vulnerability assessment systems, it is of high precision, low impact on the audited system performance, short term scanning period and strong scalability. Moreover, it avoids the work of developing exploit code required by traditional vulnerability assessment systems.

Jia Guo,Yingkai Bao,Bin Yu,Zhian Zeng,Liangyi Wang,Chuangxin Guo

DOI: https://doi.org/10.1109/powercon.2014.6993773

2014-01-01

Abstract:Due to the popularity of intelligent electronic device and digital information transmission in intelligent substation, the security issues of the SAS have become increasingly prominent, it is necessary to carry out security risk assessment for the SAS. This paper proposed a methodology for the security risk assessment of the SAS, the function-based model (FBM) was proposed according to IEC 61850, by which the SAS could be decomposed into functions. Secondly, a method for calculating the function failure probability was presented, referring to information security risk assessment norms, function value was defined to measure the loss of function failure. Based on AHP (analytic hierarchy process, AHP), the transmission weights of function risk were calculated, to integrate function risk into system risk Based on the sensitivity analysis, the assessment and ranking for different parts of SAS are completed, and the weaknesses of SAS are found. Finally, Taking Tl-1 substation SAS system as an example, the feasibility and applicability of the proposed method was verified.

LIN Shunjiang,LIU Mingbo,XU Da,YANG Yinguo,WEN Bojian,YANG Liuqing,YUAN Kanglong,OUYANG Yifeng,LI Ting

DOI: https://doi.org/10.13335/j.1000-3673.pst.2013.11.001

2013-01-01

Abstract:The development and on-line application of voltage control and security assessment for Guangdong power grid are presented. The Linux Redhat is taken as the operating system, the Oracle as data base management system and the power system analysis toolbox (PSAT) as the dynamic simulation tool of overall process, and a multi-platform and multi task system is developed by Java Eclipse platform. The proposed assessment system can perform on-line reading of real-time operational data transmitted by EMS in Electric Power Dispatch and Control Center of Guangdong power grid, and can carry out on-line assessment on impacts of regulation by automatic voltage control (AVC) system on voltage quality, network loss, steady state voltage stability, transient voltage stability and long-term voltage stability, and control strategies to improve various operational indices of Guangdong power grid are given, and the assessment results are published by WEB. An index system for the effect of voltage regulation and control is established, and main functional modules of the assessment system and their implementation are presented. Analysis on actual operation shows that all analyzing and computing modules in the assessment system possess good operational robustness and can perform on-line voltage control and security assessment on continually varying real-time operation data of power grid.

Jun Liu,Xiaoming Liu,Bo Zheng,Tang, J.

DOI: https://doi.org/10.1109/csss.2011.5974598

2011-01-01

Abstract:This paper proposes a code security inspection system based on the Subversion, which aims to avoid the submission of risk codes that contain vulnerabilities such as SQL injection, XSS (Cross Site Script) attacks and CSRF (Cross-site request forgery) to SVN repositories. In the proposed system, the submitted code will be scanned and checked and then the results will be sent to the SQA (Software Quality Assurance) units to ensure the product's safety. The system mainly adopts dependency injection and inversion of control used in the spring framework, and thus it has high scalability and maintainability. The system is also practical, independent, and highly configurable which can meet the needs of different users.

Shengyu Li,Fanjun Meng,Dashun Zhang,Qingqing Liu,Li Lu,Yalan Ye

DOI: https://doi.org/10.1109/iciba52610.2021.9687994

2021-01-01

Abstract:The importance of the security of industrial control network has become increasingly prominent. Aiming at the defects of main security protection system in the intelligent manufacturing industrial control network, we propose a security attack risk detection and defense, and emergency processing capability synchronization technology system suitable for the intelligent manufacturing industrial control system. Integrating system control and network security theories, a flexible and reconfigurable system-wide security architecture method is proposed. On the basis of considering the high availability and strong real-time of the system, our research centers on key technologies supporting system-wide security analysis, defense strategy deployment and synchronization, including weak supervision system reinforcement and pattern matching, etc.. Our research is helpful to solve the problem of industrial control network of “old but full of loopholes” caused by the long-term closed development of the production network of important parts, and alleviate the contradiction between the high availability of the production system and the relatively backward security defense measures.