Existing attack graphs for industrial environments do not show the associations among protocol vulnerabilities, attack semantics, and control operations, so the attack graph of an intelligent manufacturing system is incompletely represented and cannot describe the impact of system process operations on the underlying equipment. This paper therefore proposes attack graph association rules for proprietary protocols and specific attacks in industrial environments. Attack graphs for intelligent manufacturing systems with extended semantics are generated based on search algorithms. Furthermore, a three-layer attack graph model incorporating vulnerability, host, and operation layers is designed to integrate business operations into the attack graph for correlated display. Experimental results show that the extended rules and model can effectively enrich and describe the multi-step attack process of the intelligent manufacturing system.
ZHANG Yaofang, ZHANG Zheyu, LI Tongtong, SUN Jun, WANG Zibo, WANG Bailing. Attack Modeling Combined with Industrial Control Operati[J]. Journal of Applied Sciences, 2023, 41(5): 855-869.
DOI: 10.3969/j.issn.0255-8297.2023.05.011