Security Risk Assessmenton of Attack Graph and HMM Industrial Control Network

doi:10.3969/j.issn.1006-2475.2020.07.007

Abstract

Abstract: In order to evaluate the network security risk of industrial control system and realize the effective defense of industrial control system, a risk assessment method based on attack graph and HMM is proposed to describe the network security status according to the change of attack behavior. Firstly, the industrial control network attack graph model is established, and the network attack is transformed into the network state migration problem. The network node association (NNC) is introduced to study the association of the industrial control network nodes, and further analyze the network security risks. Then the HMM establishes the relationship between network observation and attack state, and introduces the CVSS evaluation system to evaluate the security status of the industrial control system. Finally, a case study is carried out with the centralized control system of thermal power plant as the experimental background. The analysis results show that the method can comprehensively analyze the safety hazards of industrial control systems and provide a basis for safety management personnel to take effective preventive measures.

Key words: industrial control network, network security, risk assessment, attack map, hidden Markov models

CLC Number:

TP393

CUI Wen-di, DUAN Peng-fei, ZHU Hong-qiang, LIU Na. Security Risk Assessmenton of Attack Graph and HMM Industrial Control Network[J]. Computer and Modernization, 2020, 0(07): 32-37.

References ［20］

［1］	STOUFFER K, FALCO J, SCARFONE K.Guide to Industrial Control Systems (ICS) Security［R］. National Institute of Standards & Technology, SP 800-82, 2011.
［2］	邢栩嘉,林闯,蒋屹新. 计算机系统脆弱性评估研究［J］. 计算机学报, 2004,27(1):1-11.
［3］	夏春明,刘涛,王华忠,等. 工业控制系统信息安全现状及发展趋势［J］. 信息安全与技术, 2013(2):13-18.
［4］	SONG H, FINK G, JESCHKE S. Security and privacy in cyber-physical systems:foundations, principles and applications［M］// Security and Privacy in Cyber-Physical Systems. Wiley, 2017:305-326.
［5］	NI M, MCCALLEY J D, VITTAL V, et al. Online risk-based security assessment［J］. IEEE Transactions on Power System, 2003,18(1):258-265.
［6］	SCHNEIER B. Attack trees: Modeling security threats［J］. Doctor Dobb’s Journal, 1999,24(12):21-29.
［7］	SHEYNER 0, HAINES J, JHA S, et al. Automated generation and analysis of attack graphs［C］// Proceedings of the 2002 IEEE Symposium on Security and Privacy. 2002:273-284.
［8］	POOLSAPPASIT N, DEWRI R, RAY I. Dynamic Security Risk Management Using Bayesian Attack Graphs［M］. IEEE Computer Society Press, 2012.
［9］	刘文芬,张树伟,龚心. 一种优化的基于Markov博弈理论的网络风险评估方法［J］. 电信科学, 2014,30(7):13-18.
［10］	林云威,陈冬青,彭勇,等. 基于D-S证据理论的电厂工业控制系统信息安全风险评估［J］. 华东理工大学学报（自然科学版）, 2014,40(4):500-505.
［11］	常昊,秦元庆,周纯杰. 基于贝叶斯攻击图的工控系统动态风险评估［J］. 信息技术, 2018,42(10):70-75.
［12］	董静. 改进的HMM网络安全风险评估方法研究［D］. 武汉:华中科技大学, 2008.
［13］	黄慧萍,肖世德,孟祥印. 基于攻击树的工业控制系统信息安全风险评估［J］. 计算机应用研究, 2015,32(10):3022-3025.
［14］	张永铮,方滨兴,迟悦,等. 网络风险评估中网络节点关联性的研究［J］. 计算机学报, 2007,30(2):234-240.
［15］	胡浩,刘玉岭,张玉臣,等. 基于攻击图的网络安全度量研究综述［J］. 网络与信息安全学报, 2018,4(9):5-20.
［16］	DACIER M, DESWARTE Y. Privilege graph: an extension to the typed access matrix model［C］// The 3rd European Symposium on Research in Computer Security(ESORICS 94). 1994:319-334.
［17］	龚斯谛. 基于AHP和攻击图的工控系统信息安全风险评估研究［D］. 南昌:南昌航空大学, 2017.
［18］	ELLSON J, GANSNER E R, KOUTSOFIOS L, et al. Graphviz - open source graph drawing tools［J］. Lecture Notes in Computer Science, 2002,2265:483-484.
［19］	ARNES A， VALEUR F， VIGNA G， et al． Using hidden Markov models to evaluate the risk of intrusions［C］// Proceedings of the ＲAID’06． 2006:145-164．
［20］	AMES A, VALEUR F, VIGNA G, et al. Using hidden markov models to evaluate the risks of intrusions［C］// Recent Advances in Intrusion Detection. Springer, 2006:145-164.

[1]	WANG Hong-jie, XU Sheng-chao, YANG Bo, MAO Ming-yang, JIANG Jin-ling. Automatic Arrangement Method of Cloud Network Security Service Chain Based on SRv6 Technology [J]. Computer and Modernization, 2024, 0(01): 1-5.
[2]	YANG Jun, WANG Jin-lin, NI Hong, SHENG Yi-qiang, . Dynamic Transfer Method Based on Sensitivity in Industrial Control Network Anomaly Detection [J]. Computer and Modernization, 2023, 0(05): 46-51.
[3]	MAO Ming-yang, XU Sheng-chao. A New Active Defense Model for Complex Network Security [J]. Computer and Modernization, 2023, 0(04): 118-122.
[4]	PAN Yu-qing, ZHANG Su-ning, FENG Ren-jun, JING Dong-sheng. Intrusion Detection Method Based on Particle Swarm Optimization Combined with LightGBM [J]. Computer and Modernization, 2023, 0(04): 123-126.
[5]	CHU Su-hong, LIU Lei, . POF Protocol Parser [J]. Computer and Modernization, 2022, 0(09): 93-98.
[6]	WU Shui-ming, JI Zhi-yuan, WANG Zhen-yu, JING Dong-sheng. Power Information Network Intrusion Detection Algorithm Based on Dueling-DDQN [J]. Computer and Modernization, 2021, 0(12): 43-47.
[7]	LU Sai, ZHUANG Yi. Information System Risk Assessment Model Based on Self-Adaptive Expert Weight [J]. Computer and Modernization, 2021, 0(08): 85-93.
[8]	ZHANG Wen-bo, HU Xi-ming, LI Peng, MA Miao, WANG Tao, . Design and Implementation of Security Experiment of Internet of Things Based on Smart Phone and Smart Home Appliances for New Engineering Disciplines#br# [J]. Computer and Modernization, 2021, 0(04): 109-116.
[9]	HAO Yi-ran, SHENG Yi-qiang, WANG Jing-lin, . Anomaly Detection of Network Traffic Based on t-SNE Dimensionality Reduction Preprocessing [J]. Computer and Modernization, 2021, 0(02): 109-116.
[10]	YAN Rui-an, ZHANG Li-chen. Intrusion Detection Based on Focal Loss and Convolutional Neural Network [J]. Computer and Modernization, 2021, 0(01): 65-69.
[11]	LIAO Zu-qi, LI Fei, ZHANG Peng-fei. CBR-based Emergency Response System and Method for Internet of Vehicle Security [J]. Computer and Modernization, 2020, 0(11): 109-116.
[12]	DAI Rui-feng. Model Construction of College Network Security System Based on SSL Virtual Technology [J]. Computer and Modernization, 2020, 0(08): 122-126.
[13]	WANG Zhu-xiao, ZHANG Peng-peng, LI Wei, WU Ke-he, CUI Wen-chao, CHENG Rui. Electric Power Industrial Control Network Anomaly Detection #br# System Based on Deep Q Network [J]. Computer and Modernization, 2019, 0(12): 114-.
[14]	LI He-ting, FENG Ren-jun, CHEN Hai-yan, JING Dong-sheng. Intrusion Detection Based on Heterogeneous Convolutional Neural Network [J]. Computer and Modernization, 2019, 0(10): 117-.
[15]	YE Qian1,WANG Yu-fei2,FU Yi3,TANG Yu-lan1. GQM-based Risk Assessment Method for Industrial Control Systems [J]. Computer and Modernization, 2019, 0(08): 92-.