融合工业控制操作的攻击建模

doi:10.3969/j.issn.0255-8297.2023.05.011

应用科学学报 ›› 2023, Vol. 41 ›› Issue (5): 855-869.doi: 10.3969/j.issn.0255-8297.2023.05.011

• 计算机科学与应用 • 上一篇

融合工业控制操作的攻击建模

张耀方^1,3, 张哲宇², 李彤彤^1,3, 孙军², 王子博^1,3, 王佰玲^1,3

1. 哈尔滨工业大学(威海) 计算机科学与技术学院, 山东威海 264200;
2. 国家工业信息安全发展研究中心, 北京 100040;
3. 哈尔滨工业大学网络空间安全研究院, 黑龙江哈尔滨 150001

收稿日期:2021-08-16 发布日期:2023-09-28
通信作者: 王佰玲,教授,博导,研究方向为信息内容安全、信息对抗、工业互联网安全等。E-mail:wbl@hit.edu.cn E-mail:wbl@hit.edu.cn
基金资助:
国防基础科研计划（No.JCKY2019608B001）资助

Attack Modeling Combined with Industrial Control Operati

ZHANG Yaofang^1,3, ZHANG Zheyu², LI Tongtong^1,3, SUN Jun², WANG Zibo^1,3, WANG Bailing^1,3

1. School of Computer Science and Technology, Harbin Institute of Technology (Weihai), Weihai 264200, Shandong, China;
2. China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China;
3. School of Cyberspace Science, Harbin Institute of Technology, Harbin 150001, Heilongjiang, China

Received:2021-08-16 Published:2023-09-28

摘要/Abstract

摘要： 现有工业环境攻击图缺少协议漏洞、攻击语义和控制操作的关联展示，导致智能制造系统攻击图的表述存在缺失，且系统流程操作对底层设备影响无法在图中进行描述。为此，该文对攻击图语义和攻击图模型进行研究，提出了工业环境下专有协议和特定攻击的攻击图关联规则，基于搜索算法生成扩展语义的智能制造系统攻击图。同时，设计了包含漏洞层、主机层、操作层的三层攻击图模型，利用操作与主机的映射关系将智能制造系统业务操作融入到攻击图中进行关联展示。实验结果表明，所提的扩展规则和模型可以较好地丰富和描述智能制造系统的多步攻击过程。

关键词: 工业控制, 智能制造系统, 攻击图, 语义扩展, 业务操作

Abstract: Existing industrial environment attack graph lacks the association display of protocol vulnerabilities, attack semantics and control operations, resulting in missing representations of the intelligent manufacturing system attack graph. The impact of system process operations on the underlying equipment cannot be described in the graph. Therefore, this paper proposes the attack graph association rules for proprietary protocols and specific attacks in industrial environments. Attack graphs for intelligent manufacturing systems with extended semantics are generated based on search algorithms. Furthermore, a three-layer attack graph model incorporating vulnerability, host, and operation layers is designed to integrate business operations into the attack graph for correlated display. Experimental results show that the extended rules and model can effectively enrich and describe the multi-step attack process of the intelligent manufacturing system.

Key words: industrial control, intelligent manufacturing system, attack graph, semantic extension, business operation

中图分类号:

TP393

张耀方, 张哲宇, 李彤彤, 孙军, 王子博, 王佰玲. 融合工业控制操作的攻击建模[J]. 应用科学学报, 2023, 41(5): 855-869.

ZHANG Yaofang, ZHANG Zheyu, LI Tongtong, SUN Jun, WANG Zibo, WANG Bailing. Attack Modeling Combined with Industrial Control Operati[J]. Journal of Applied Sciences, 2023, 41(5): 855-869.

参考文献

[1] Yaacoub J P A, Salman O, Noura H N, et al. Cyber-physical systems security:limitations, issues and future trends[J]. Microprocessors and Microsystems, 2020, 77:103201.
[2] Pliatsios D, Sarigiannidis P, Lagkas T, et al. A survey on SCADA systems:secure proto cols, incidents, threats and tactics[J]. IEEE Communications Surveys & Tutorials, 2020, 22(3):1942-1976.
[3] Alladi T, Chamola V, Parizi R M, et al. Blockchain applications for industry 4.0 and industrial IoT:a review[J]. IEEE Access, 2019, 7:176935-176951.
[4] Asghar M R, Hu Q, Zeadally S. Cybersecurity in industrial control systems:issues, tech nologies, and challenges[J]. Computer Networks, 2019, 165:106946.
[5] Kim S, Heo G, Zio E, et al. Cyber attack taxonomy for digital environment in nuclear power plants[J]. Nuclear Engineering and Technology, 2020, 52(5):995-1001.
[6] Upadhyay D, Sampalli S. SCADA (supervisory control and data acquisition) systems:vulner ability assessment and security recommendations[J]. Computers & Security, 2020, 89:101666.
[7] 赖英旭, 刘增辉, 蔡晓田, 等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2):143-156. Lai Y X, Liu Z H, Cai X T, et al. Research on intrusion detection of industrial control system[J]. Journal on Communications, 2017, 38(2):143-156. (in Chinese)
[8] Nourian A, Madnick S. A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet[J]. IEEE Transactions on Dependable and Secure Computing, 2015, 15(1):2-13.
[9] Liang G, Weller S R, Zhao J, et al. The 2015 Ukraine blackout:implications for false data injection attacks[J]. IEEE Transactions on Power Systems, 2016, 32(4):3317-3318.
[10] Akbanov M, Vassilakis V G, Logothetis M D. Ransomware detection and mitigation using software-defined networking:the case of WannaCry[J]. Computers & Electrical Engineering, 2019, 76:111-121.
[11] 高岭, 王帆, 高妮, 等. 基于改进蚁群算法的防护策略选择模型[J]. 计算机工程与应用, 2019, 55(7):105-112. Gao L, Wang F, Gao N, et al. Security hardening measures selection model based on improved ant colony optimization[J]. Computer Engineering and Applications, 2019, 55(7):105-112. (in Chinese)
[12] Cao C, Yuan L P, Singhal A, et al. Assessing attack impact on business processes by interconnecting attack graphs and entity dependency graphs[C]//IFIP Annual Conference on Data and Applications Security and Privacy. Springer, Cham, 2018:330-348.
[13] Sun Y, Wu T Y, Liu X, et al. Multilayered impact evaluation model for attacking missions[J]. IEEE Systems Journal, 2014, 10(4):1304-1315.
[14] Mukherjee P, Mazumdar C. "Security Concern" as a metric for enterprise business processes[J]. IEEE Systems Journal, 2019, 13(4):4015-4026.
[15] Sun X, Singhal A, Liu P. Who touched my mission:towards probabilistic mission impact assessment[C]//Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense, 2015:21-26.
[16] Sun X, Singhal A, Liu P. Towards actionable mission impact assessment in the context of cloud computing[C]//IFIP Annual Conference on Data and Applications Security and Privacy. Springer, Cham, 2017:259-274.
[17] Stergiopoulos G, Dedousis P, Gritzalis D. Automatic network restruck-turing and risk mitigation through business process asset dependency analysis[J]. Computers & Security, 2020, 96:101869.
[18] Hassanzadeh A, Burkett R. SAMIIT:spiral attack model in IIoT mapping security alerts to attack life cycle phases[C]//5th International Symposium for ICS & SCADA Cyber Security Research, 2018:11-20.
[19] Cheminod M, Durante L, Seno L, et al. Detection of attacks based on known vulnerabilities in industrial networked systems[J]. Journal of Information Security and Applications, 2017, 34:153-165.

融合工业控制操作的攻击建模

Attack Modeling Combined with Industrial Control Operati

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价