Research On Key Technology Of Attack Graph Application For Cyber Physical System Security Defense

Cyber physical system refers to a new generation of intelligent system with computing,communication,control and other integrated capabilities and physical functions.The complexity of cyber physical system,the heterogeneity of components and the development of attack technology make cyber physical systems face increasingly serious security risks.The attack graph technology can model the cyber physical system and analyze the possibility of the vulnerabilities in the current system being exploited by attackers.The defenders can obtain and correlate the network and physical security elements in the cyber physical system,discover potential attack paths in the current system,and analyze the risk degree of nodes and the impact of attack paths on the system,and make optimal defense decisions.The existing attack graph technology is mainly aimed at the application scenario of computer network,which is not fully applicable to large-scale cyber physical system containing physical entity,and the description of device vulnerability in cyber physical system is not accurate.In addition,the existing risk assessment methods for cyber physical systems only assess the impact of the network layer,excluding the impact of the physical layer,so the risk factors are not considered comprehensively.In addition,the existing attack graph analysis technology has some problems,such as inaccurate attack path prediction and timely selection of defense measures,which restrict the application of attack graph in cyber physical system and other special fields.In view of the problems and challenges,based on multiple stages of attack graph generation and analysis,this paper studies three key technologies,cyber physical system attack graph generation,vulnerability analysis and defense,for the application of attack graph in cyber physical system security defense.The main work of this paper is summarized as follows.1.Aiming at the problems of state space explosion in current attack graph generation technology and inaccurate characterization of vulnerabilities of physical entities in cyber physical system,a distributed attack graph generation algorithm for cyber physical system was proposed.The algorithm guided distributed search to quickly generate attack graph by implementing reachability hypergraph partitioning,and improved the efficiency of attack graph generation.This paper also proposes a method of attribute labeling entity,which attaches attribute set to each component in cyber physical system,specifies the potential interaction between components,and is used to model the flow of attack propagation,which improves the accuracy of attack graph generation.Experimental and comparative results show that the proposed method can achieve more efficient and accurate vulnerability analysis of cyber physical systems.2.Aiming at the problems that the existing researches do not fully consider the risks of physical space in the information physical fusion system,and the security factors such as attack success rate and cost benefit are not taken into account,a method of security risk assessment of cyber physical system based on attack graph is proposed.Firstly,the overall model of the network physical architecture is constructed by taking the power cyber physical system as an example,and the impact factors of attack action layer and attack target layer are established from the information end and physical end respectively,which solves the problem that only one system layer is considered in risk assessment.Then,a process model of attack behavior is established based on the attack diagram.The capability of the attacker,characteristics of attack behavior and characteristics of the target network are considered comprehensively to analyze the probability of choosing the attack path,and then the attack incidence of the whole cyber physical system is quantitatively analyzed.Experimental results show that this method improves the comprehensiveness and accuracy of the analysis of the impact of network attacks.3.Aiming at the problem that the image generation of attack graph in large-scale networks such as cyber physical system is too complicated,which is not conducive to follow-up observation and analysis,an optimization method of attack graph based on kill chain is proposed,which combines the concepts of kill chain and attack graph to generate kill chain attack graph.According to the six stages of network physical kill chain,the nodes that do not correspond to the attack technology implemented by the attacker and the kill chain stage are removed from the kill chain attack diagram,thus simplifying the attack diagram and improving the analysis efficiency of the attack diagram.Aiming at the problem that defenders are unable to adapt to the rapid changes of offensive and defensive situation,which leads to the delay in adopting defense strategies,a method of selecting network defense strategies under the condition of incomplete information is proposed.By depicting the transformation process of the strategies of attackers and defenders in offensive and defensive confrontation,the problem of difficult selection of defense measures in dynamic and complex network scenarios is solved.Provide the basis for the defender to make defense decision.The experimental and comparative results show that the above method has higher execution efficiency in large-scale cyber physical system.