Research On Critical Node Identification Method In ICS Based On Impact Range Of Failure

Industrial control system is a general term for different types of control systems in the industrial production process,which is widely used as a key component in large-scale critical infrastructures such as electric power,chemical industry,and water treatment.Any complex system contains critical nodes.Once these key nodes are attacked and destroyed,the overall performance of the system will be greatly affected.Research on the identification of critical nodes in industrial control systems can theoretically analyze the importance of components in the system to provide theoretical support for efficiently regulating the security protection resources of the system.Most of the existing metric based criticality node identification methods are aimed at power systems,and the used criticality metrics are difficult to apply to other ICSs;while other critical node identification methods based on real-time data,although available more accurate evaluation results of the importance degree are produced,but the overall complexity is higher,and a priori evaluation results cannot be obtained without data.In view of the shortcomings of the existing critical node identification methods in industrial control systems,in this dissertation,we propose a generic critical node identification(GCNI)algorithm based on the impact range of cascading failure in ICSs.The main contributions are as follows:(1)Based on the control logic of industrial control system and the interdependence between components,we propose a general modeling method for ICS directed complex network models.Then,according to the cascading failure effects and control logic dependencies in the ICS,we propose two metrics:the Cascading Failure Scale(CFS)and the Range of Effective Impact(REI).The core idea of CFS and REI metrics in the evaluation process is the cascading fault impact range of the node,that is,the larger the fault impact range of a node,the higher its importance,which is in line with the true characteristics of industrial control systems.Using multiple criteria decision making(MCDM)methods,we can obtain the CFS and REI metrics to obtain a comprehensive evaluation result of node criticality.(2)Aiming at the problem that the topological metrics are difficult to accurately quantify the overall impact of cascading failure effects on ICSs,an average system resilience(ASR)metric based on real-time data is proposed according to the system elasticity theory.ASR metric uses the real-time data of ICSs to calculate the degree of abnormal disturbance caused by the failure of nodes in the system to the overall performance of the system,so as to quantify and analyze the impact of nodes on the overall system and evaluate the importance of nodes in the system.The combination of ASR,CFS and REI metrics can incorporate the effect of cascading failure effects on the overall performance of the system into the evaluation process of the GCNI algorithm,so that GCNI can draw more accurate node importance evaluation results(3)Taking the Tennessee-Eastman Process(Tennessee Eastman Process,TEP)as the test example,based on the online industrial control system security test platform,we launch a simulation attack on the sensor nodes in the TEP.The collected attack data can be used to verify the accuracy of the node importance result obtained by this method.The experimental results show that,compared with the contrast algorithm,our algorithm can obtain an evaluation result that is more in line with the actual characteristics of TEP.After combining the ASR metric,the accuracy of our algorithm has been further improved.According to the data of the impact range of the sensor nodes in TEP,the proposed algorithm can obtain the evaluation result of the criticality of nodes with an accuracy rate of more than 90%,which can effectively solve the critical node identification problem in industrial control system.