| In recent years,the industry control system have gradually become a smart,connected system,rather than the closed,isolated one before.After implementing to connect with the outside world,the risk of attack will be increased.So how to comprehensively assess the industrial control network vulnerability and take relevant measures to reduce the dangers of attack,which has become the research hot spot.Attack graph is a kind of analysis technology based on the model of network vulnerability,which can connect the network vulnerability in all hosts and found the attack path that threat the network security,safety management personnel can use it to compensate for the best target network vulnerability.In order to defense control system better,we use the attack graph technology to model control network vulnerability and analyze.The paper will do the following work:(1)Introduce the development history of industrial control systems and expounds the vulnerability of control network and comparing with the traditional IT network,highlighted the differences in ICS(industrial control security),and then the paper expounds the current research status of the vulnerability of industrial control system and the problem we are facing at.Compare and analyze the common modeling technology of attack graph and the generation algorithm of attack graph and give the related definition of vulnerability model and attack graph generation framework.(2)Calculation of path profit(vulnerability)in industrial control network.The paper first gives the source of the income elements in the attack graph,and expounds the shortcomings of the traditional attack profit calculation,and on this basis,the attack and defense game model and Bayesian network are introduced to calculate the success rate of attack and defense.The path profit,which introduces the attack and defense success rate,is defined as path generalized profit and gives the calculation formula of attack path profit.Through calculation,we can know clearly which link has the largest vulnerability,and need to protect.It is convenient for the security manager to protect the path.This profit makes vulnerability index not only considering the attacker,also considering the defender's ability to make kneel vulnerability analysis more comprehensive,the study of the control system of the vulnerability and security defense provides a new research way of thinking.(3)Aiming at the problem of state space explosion in the process of attack graph generation,this paper proposes an explosion granularity constraint function to optimize the scale of attack graphs.Then the attack graph is generated under the monotonicity hypothesis and the vulnerability specification condition.Finally,it is analyzed by the case simulation.It is proved that the constraint function can reduce the scale of the attack graph effectively. |
PDF Full Text Request