Research On The Construction Method Of Industrial Control System Vulnerability Knowledge Graph

Posted on: 2022-08-31
Degree: Master
Type: Thesis
Country: China
Candidate: Z S Chen
GTID: 2518306491966189
Subject: Computer technology
Abstract/Summary:
With the gradual integration of industrialization and informatization, the internal control network of the Industrial Control System (ICS) is gradually becoming interconnected with external networks. This inevitably breaks the closed nature of the original software and hardware of the industrial control system and leaves it prone to more attacks. Industrial control systems cover typical industries such as petroleum, chemicals and electric power, and are an important part of the nation's key industrial information infrastructure. Unlike traditional computer networks, once an industrial control system is attacked, the consequences directly affect industrial production and even personal safety. Research on the safety of industrial control systems has therefore become very urgent.

This paper combines the vulnerability database of industrial control systems with the knowledge graph to study the construction of an industrial control system vulnerability knowledge graph. First, it constructs the ontology model of the knowledge graph by analyzing industrial control system vulnerabilities and related data from the industrial control security field; then it captures, analyzes, processes and stores industrial control system vulnerability data to complete the construction of the basic knowledge graph; finally, in response to application requirements such as predicting follow-up vulnerability exploitation chains with the knowledge graph, it analyzes unstructured vulnerability information and mines the pre-privileges and post-privileges of vulnerability exploitation.

This paper adopts a top-down construction method to build the knowledge graph. The first step is knowledge modeling: analyze the application goals of the knowledge graph based on existing industrial control vulnerabilities and related data sources, list the relevant ontologies and constraints, and then construct the ontology model of the knowledge graph based on expert knowledge. The second step is knowledge acquisition: select data sources according to the ontologies, attributes and relationships in the ontology model, then formulate rules to obtain multi-source data sets by means of web crawlers. The third step is knowledge fusion, which covers three aspects: data splitting, deduplication and merging. For this step, the paper builds a dictionary containing suppliers, device models and device versions and uses rule matching to split the related data; to improve data accuracy, it formulates rules based on expert knowledge to deduplicate and merge the data. To make the knowledge graph easy to update and maintain, the paper uses a graph-database-based storage method for knowledge storage: entities are mapped into the ontology model of the knowledge graph according to formulated association rules, yielding triple data of the form [entity, relationship, entity], and the triple data is finally stored in the graph database to complete the construction of the industrial control system vulnerability knowledge graph.

So that the knowledge graph can later be applied to predicting potential exploit chains, this paper proposes a method for generating pre-privileges and post-privileges based on rule matching. It first uses expert knowledge of the system to classify vulnerability privileges, then summarizes the effective characteristics of each vulnerability privilege category. The generated pre-privilege and post-privilege are added to the knowledge graph as two new attributes of the vulnerability.

Finally, this paper designs and implements a system for constructing the industrial control system vulnerability knowledge graph. Constructing such a knowledge graph helps users analyze in depth the cause, principle and impact of vulnerabilities, and helps them confirm potential security threats to their industrial control network systems or equipment, take protective measures in time, and formulate effective defense strategies to reduce the possibility of industrial control security incidents.
Keywords/Search Tags:Vulnerability knowledge graph, Industrial control system security, Network security, Cyber security knowledge graph
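
The knowledge fusion step described in the abstract (dictionary-based rule matching to split product data, then deduplication and merging into [entity, relationship, entity] triples), as an added Python example that is not code from the thesis. The dictionary entries, alias rules, relationship names, vulnerability IDs and sample records are all constructed assumptions.

```python
import re

# Constructed dictionary of suppliers and device models (assumption, not the thesis's data).
DICTIONARY = {
    "Siemens": ["SIMATIC S7-1200", "SIMATIC S7-1500"],
    "Schneider Electric": ["Modicon M340"],
}
# Deduplication rule: spelling variants of a supplier collapse to one canonical name.
ALIASES = {"siemens": "Siemens", "schneider": "Schneider Electric"}
PAIRS = [(s, m) for s, models in DICTIONARY.items() for m in models]
VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+)+)\b")  # dotted versions such as v4.2 or 2.0.1

def split_product(raw):
    """Rule matching: split a free-text product string into (supplier, model, version)."""
    low = " ".join(raw.lower().split())  # normalise case and whitespace
    supplier = next((c for a, c in ALIASES.items() if a in low), None)
    model = None
    hit = next(((s, m) for s, m in PAIRS
                if m.lower() in low and supplier in (None, s)), None)
    if hit:  # a model match also identifies the supplier when it was not named
        supplier, model = hit
    ver = VERSION_RE.search(low)
    return supplier, model, ver.group(1) if ver else None

def build_triples(records):
    """Merge multi-source records into deduplicated (entity, relationship, entity) triples."""
    triples, unresolved = set(), []
    for r in records:
        supplier, model, version = split_product(r["product"])
        if not (supplier and model):
            unresolved.append(r["product"])  # no dictionary hit: leave for manual review
            continue
        device = f"{model} {version}" if version else model
        triples.add((r["id"], "affects", device))  # relationship names are assumptions
        if version:
            triples.add((device, "version_of", model))
        triples.add((model, "produced_by", supplier))
    return sorted(triples), unresolved

# Constructed sample records, as two crawled sources might report the same vulnerabilities.
RECORDS = [
    {"id": "VULN-A", "source": "src1", "product": "Siemens SIMATIC S7-1200 V4.2"},
    {"id": "VULN-A", "source": "src2", "product": "siemens ag  simatic s7-1200 v4.2"},
    {"id": "VULN-A", "source": "src2", "product": "Siemens SIMATIC S7-1500 2.0.1"},
    {"id": "VULN-B", "source": "src1", "product": "Schneider Modicon M340 v2.7"},
    {"id": "VULN-B", "source": "src1", "product": "Unknown PLC 1.0"},
]

if __name__ == "__main__":
    triples, unresolved = build_triples(RECORDS)
    for t in triples:
        print(t)
    print("unresolved:", unresolved)
```

The two differently spelled reports of VULN-A on the S7-1200 collapse into one "affects" triple, and the record with no dictionary match is set aside rather than guessed at.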