Reaseach And Application On Risk Analysis Of Industrial Control Systems Under Cyber-physical Attack

Industrial Control Systems(ICSs)are widely used in industrial areas such as electric,petroleum and petrochemical,water treatment,aviation,railway,subway,nuclear engergy,and they are the brain and backbone to the operation of these national critical infrastructures.The essence of modern ICS lies in that it's a kind of Cyber-Physical System(CPS)with deep integration of perception,computation,communication and control capabilities.With the integration of industrial control systems with Internet,Internet of Things(IoT)and other elements,cyberspace and physical space are increasingly overlapping,and a new cyberspace of global interconnection,infromation and physical fusion is emerging.Meanwhile,the cyber security threats are penetrating from the cyberspace into the physical space.A series of events such as the stuxnet have demonstrated that cyber attack can cause significant physical damage to the critical infrastructure and even endanger national security.For the essential question of how to model,evaluate and resist the physical consequences of cyber-physical attacks,this dissertation studies the questions of what is the cyber-physical attack on the ICS,and how to carry out risk assessment and security analysis for the ICS.The main research contents are as follows:(1)For the question of what is the cyber-physical attack on the ICS,this dissertation puts forward the Critical Infrastructure-Cyber-Physical Systems(CI-CPS)system architecture model,CI-CPS operational analysis model and cyber-physical attacks formalization and modeling,therefore constructs a ICS cyber-physical attack analysis framework which is ubiquitously suitable for a variety of critical infrastructures.The framework will provide guidance and can be applied to the ICS risk assessment,ICS software security,ICS experimental platform and application.(2)For ICS risk assessment,this dissertation presents a ICS Cyber-physical attack graph technique that simplifies the complexity of the attack graph generation based on the characteristic of the ICS,and a new risk assessment method integrating D-S evidence theory and Analytic Hierarchy Process(AHP)that can be used to support the national standard "GB/T 37980-2019 Guide for security inspection of industrial control systems".(3)In terms of ICS software security,this dissertation presents a fuzz testing method to detect the malware in the ICS,and a novel control code flow obfuscation method for Android industrial control application code protection.(4)In terms of experimental platform and analysis application,this dissertation proposes and constructs a comprehensive virutal-reality integration ICS experimental platform which can be used to support cyber-physical attack in ICS and related researches,and presents a concept and methodology of ICS scenario fingerprinting which analyze industrial control protocol interactive behavior to represent ICS system-level normal behavior characteristics.Experimental results demonstrate that ICS scenario fingerprinting has a broad spectrum of ICS cyber attack and anomaly detection ability,and can further be applied in ICS cyber threat detection and anomaly detection works.