Research On Attack Graph Vulnerability Analysis Technology Applied To Industrial Control Systems

Along with the development of the information technology,industrial infrastructures are developing towards a direction in combination with computer networks.Industrial Control Systems(ICSs)act as controllers and supervisors in critical infrastructures like nuclear industry,electrical,water and wastewater etc.However,considered that they are working in the production environment and their systems are unable to accomplish online updating or upgrading,the system components are under the risks of being too old and vulnerable.Meanwhile,they are unavoidably connecting with the outer IT systems.Above reasons put the ICSs under threats like worm viruses and denial of services.They are breaking the stability or even threatening the safety of people's life and property.With the appearance of the first net-war weapon "Stuxnet",which was developed by the U.S.and was aimed at sabotaging the nuclear industries in Iran,the information security in ICSs has become a state concern."Stuxnet" exploited the interactions among several vulnerabilities in hosts of ICSs,which was undetectable by the host security scanning method.Whereas,the attack graph analyze the interrelations among vulnerabilities in a network by graphs.The attack graph is a new technology to evaluate the risks of network security.So the meaning is significant to apply the attack graph into ICS's vulnerability.Firstly,this paper studies deeply into the ICSs and the method of ICS's vulnerability analysis.The work is the theoretical basis of our attack graph technology applied to ICS's vulnerability analysis.Secondly,this paper studies related work of several researchers and the advantages of each attack graph technology.After that,this paper summarizes the functionality and performance that the attack graph vulnerability analysis technology of ICS should have.Thirdly,this paper designs an attack graph tool's architecture for the ICS's vulnerability analysis.This architecture is based on the prototypical reasoning engine Mu1VAL,and it is composed of a node optimizing algorithm,a database of ICS security analysis rules and displaying technology for the graph.This architecture satisfies the applicability for ICS's security analysis and the neatness of attack graph displaying.Finally,this paper introduces the implementation of our attack graph tool's architecture for the ICS's vulnerability analysis.Through two different experiments,the paper proves the feasibility and availability of our architecture applying to the ICS's vulnerability analysis.