| With the widespread use of Cyber-Physical Systems (CPS) in social fields such as smart grids, aerospace, and intelligent transportation, security attacks on such systems not only affect the confidentiality, integrity and availability of the system but may also cause property damage, environmental destruction and even casualties. Therefore, it is urgent to establish effective security defense measures for CPS. However, because CPS contain a large number of components, have a complex structure, and have limited security protection resources, how to select key nodes for security defense deployment to ensure system security is an important issue in CPS network security protection. Existing research mainly analyzes and evaluates the security defense strategy of the system during the network deployment stage. Analyzing the security defense strategy during the system architecture design stage can effectively save modification cost in the later stages of the system lifecycle. Therefore, this paper proposes an attack defense tree generation and security protection strategy analysis method based on the CPS architecture model. The main research contents include the following three parts: (1) In order to screen out key security components in the system that may become targets of attack, a security-critical component analysis method based on SysML block definition diagrams is proposed. The method models the components and vulnerability information in the system based on SysML block definition diagrams. Considering that SysML block definition diagrams do not readily support direct analysis, a block security dependency graph model is proposed, and conversion rules from SysML block definition diagrams to block security dependency graphs are established based on the structure of block definition diagrams and their vulnerability information. On this basis, a system security-critical component analysis algorithm is constructed to determine the key security components in the system architecture. (2) In order to further analyze security defense strategies, an attack defense tree generation method for attack target components is proposed. By converting the SysML block definition diagram model representing the system architecture into an IDP model, and using the attack targets obtained from the critical security component analysis as input, the attack targets are iteratively refined through the attack subtree template until the attack tree contains only nodes that cannot be further refined. Finally, defensive countermeasures are set for the attack tree to construct a complete attack defense tree model. (3) Based on the generated attack defense tree, a cost-constrained system security defense strategy analysis method is proposed. First, the attack defense tree model is preprocessed to convert it into an atomic attack defense tree model. Then, the defense cost attribute and defense success probability attribute of each defense node are calculated. On this basis, the final defense success probability of the system is calculated according to the probability tree model. The node that can achieve the minimum system defense cost is selected as the optimal defense node, and the maximum defense success probability under cost constraints is calculated. Based on the above theory, an attack defense tree generation and analysis tool was implemented, and a case analysis was conducted through a pump station attack and defense example of a Cyber-Physical System to demonstrate the effectiveness of the method. Experiments show that the method proposed in this paper is reasonable and feasible. It can accurately identify the key security components in the system and generate corresponding attack defense trees, thus providing theoretical and technical support for the formulation of security defense measures based on system architecture. |
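
The cost-constrained analysis in part (3) can be illustrated with a small added example, which is not code from the paper or its tool. The tree shape, leaf probabilities, defense costs, the independence assumption behind the AND/OR formulas, and the exhaustive search are all assumptions made here for illustration.

```python
from itertools import combinations
from math import prod

# Constructed attack tree (not from the paper): root = OR(AND(a1, a2), a3)
TREE = ("OR", [("AND", ["a1", "a2"]), "a3"])
# Constructed success probabilities of the atomic attack leaves
ATTACK_P = {"a1": 0.6, "a2": 0.5, "a3": 0.2}
# Constructed defense nodes: name -> (protected leaf, cost, defense success probability)
DEFENSES = {"d1": ("a1", 4, 0.9), "d2": ("a2", 3, 0.7), "d3": ("a3", 5, 0.8)}


def attack_success(node, leaf_p):
    """Probability that the attack goal at `node` succeeds (leaves assumed independent)."""
    if isinstance(node, str):
        return leaf_p[node]
    gate, children = node
    probs = [attack_success(child, leaf_p) for child in children]
    if gate == "AND":                        # every child attack must succeed
        return prod(probs)
    return 1 - prod(1 - p for p in probs)    # OR: at least one child succeeds


def defense_success(deployed):
    """System defense success probability when the `deployed` defenses are active."""
    leaf_p = dict(ATTACK_P)
    for name in deployed:
        leaf, _cost, q = DEFENSES[name]
        leaf_p[leaf] *= 1 - q                # attack passes only if the defense fails
    return 1 - attack_success(TREE, leaf_p)


def best_strategy(budget):
    """Exhaustive search: highest defense success within budget, cheaper set on ties."""
    best = ((), 0, defense_success(()))
    for size in range(1, len(DEFENSES) + 1):
        for combo in combinations(sorted(DEFENSES), size):
            cost = sum(DEFENSES[name][1] for name in combo)
            if cost > budget:
                continue
            p = defense_success(combo)
            if (p, -cost) > (best[2], -best[1]):
                best = (combo, cost, p)
    return best


if __name__ == "__main__":
    for budget in (0, 5, 8, 9):
        print(budget, best_strategy(budget))
```

Exhaustive search is only practical for a handful of defense nodes; it is used here so the trade-off between budget and defense success probability is visible for every subset.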