Visible to the public Biblio

Filters: Author is Fei, Jiaxuan  [Clear All Filters]
2023-02-03
Li, Mingxuan, Li, Feng, Yin, Jun, Fei, Jiaxuan, Chen, Jia.  2022.  Research on Security Vulnerability Mining Technology for Terminals of Electric Power Internet of Things. 2022 IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC). 6:1638–1642.
Aiming at the specificity and complexity of the power IoT terminal, a method of power IoT terminal firmware vulnerability detection based on memory fuzzing is proposed. Use the method of bypassing the execution to simulate and run the firmware program, dynamically monitor and control the execution of the firmware program, realize the memory fuzzing test of the firmware program, design an automatic vulnerability exploitability judgment plug-in for rules and procedures, and provide power on this basis The method and specific process of the firmware vulnerability detection of the IoT terminal. The effectiveness of the method is verified by an example.
ISSN: 2693-289X
Zou, Zhenwan, Yin, Jun, Yang, Ling, Luo, Cheng, Fei, Jiaxuan.  2022.  Research on Nondestructive Vulnerability Detection Technology of Power Industrial Control System. 2022 IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC). 6:1591–1594.

The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.

ISSN: 2693-289X

2019-11-19
Fei, Jiaxuan, Shi, Congcong, Yuan, Xuechong, Zhang, Rui, Chen, Wei, Yang, Yi.  2019.  Reserch on Cyber Attack of Key Measurement and Control Equipment in Power Grid. 2019 IEEE International Conference on Energy Internet (ICEI). :31-36.

The normal operation of key measurement and control equipment in power grid (KMCEPG) is of great significance for safe and stable operation of power grid. Firstly, this paper gives a systematic overview of KMCEPG. Secondly, the cyber security risks of KMCEPG on the main station / sub-station side, channel side and terminal side are analyzed and the related vulnerabilities are discovered. Thirdly, according to the risk analysis results, the attack process construction technology of KMCEPG is proposed, which provides the test process and attack ideas for the subsequent KMCEPG-related attack penetration. Fourthly, the simulation penetration test environment is built, and a series of attack tests are carried out on the terminal key control equipment by using the attack flow construction technology proposed in this paper. The correctness of the risk analysis and the effectiveness of the attack process construction technology are verified. Finally, the attack test results are analyzed, and the attack test cases of terminal critical control devices are constructed, which provide the basis for the subsequent attack test. The attack flow construction technology and attack test cases proposed in this paper improve the network security defense capability of key equipment of power grid, ensure the safe and stable operation of power grid, and have strong engineering application value.