Research On The Analysis Method Of Cross-domain Attack Path Behavior Of Cyber-physical Systems Based On Attack Intention

With the large-scale advancement of national strategic plans such as " Internet plus " and " Integration of information technology and industrialization ",information technologies such as big data and cloud computing are widely used in industrial control systems.The traditional relatively closed industrial control system has gradually become an interconnected Cyber-Physical Systems,increasing the risk of being attacked.CPS attacks often penetrate from the information layer to the physical layer.Once it penetrates into the physical layer equipment,it will reduce the quality of production,even cause the failure of production equipment and personnel damage,threatening the safe and stable operation of society.Aiming at the shortcomings of existing cross-domain attack analysis methods,this thesis proposes a CPS cross-domain attack path behavior analysis framework based on the attack intent.It can explore the attack path behavior characteristics from the two perspectives of attack methods and attack path.In terms of the attack methods,this thesis proposes a attack methods analysis scheme based on the double hidden markov model.This scheme mainly includes two stages: node membership attack identification stage and system association attack deduction stage.The node membership attack recognition stage establishes a node-level hidden markov model from the perspective of the inherent attribute differences of nodes.The system correlation attack deduction stage establishes a system-level hidden markov model from the perspective of node attack correlation in the system.The two complement each other to form nodesystem double hidden markov model.Finally,the results of the hidden markov model in the two dimensions of the node and the system are weighted and fused,and the matching degree of the attack method based on the double hidden markov model is obtained.In terms of the attack path,this thesis proposes a attack path prediction scheme based on the partitioned cellular automata model.This scheme mainly contains two modules: the offline model building module and the online deduction prediction module.The offline model building module firstly divides the system functional areas and then combines the node attributes and the attacker's intention to establish the partitioned cellular automata offline model.The online deduction prediction module firstly decomposes the deduction process tasks,and then calls the multi-core to achieve synchronous parallel computing,as well as selects the path that appears the most as the optimal attack path.Finally the comparison and verification of attack intentions are carried out.Aiming at the practical application and verification of the method,the address resolution protocol spoofing attack is taken as an example to simulate the attacker's crossdomain attack propagation process from the information layer to the physical layer.The simulation experiment conclusions are compared with real-time operating conditions of the platform to verify the Effectiveness of the CPS cross-domain attack behavior analysis method.Finally,the author summarize the research content of this thesis,and look forward to the future research work and development directions.