网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (6): 31-43.doi: 10.11959/j.issn.2096-109x.2021069

• 专栏Ⅰ:新型网络技术及安全 • 上一篇    下一篇

面向大规模工控网络的关键路径分析方法

张耀方1,2, 张哲宇3, 曲海阔1,2, 张格3, 王子博1,2, 王佰玲1,2   

  1. 1 哈尔滨工业大学(威海)计算机科学与技术学院,山东 威海264209
    2 国家工业信息安全发展研究中心,北京 100040
    3 哈尔滨工业大学网络空间安全研究院,黑龙江 哈尔滨 150006
  • 修回日期:2021-05-10 出版日期:2021-12-15 发布日期:2021-12-01
  • 作者简介:张耀方(1998− ),女,黑龙江哈尔滨人,哈尔滨工业大学(威海)博士生,主要研究方向为工业控制系统安全风险评估
    张哲宇(1989− ),女,吉林松原人,硕士,国家工业信息安全发展研究中心工程师,主要研究方向为网络安全、工业信息安全、关键信息基础设施保护、检测评估技术
    曲海阔(1997− ),女,辽宁鞍山人,哈尔滨工业大学(威海)硕士生,主要研究方向为工业控制系统安全检测
    张格(1980− ),男,北京人,国家工业信息发展研究中心副主任,主要研究方向为工业信息安全、网络安全检查评估技术、网络空间安全态势、关键信息基础设施网络安全防护技术
    王子博(1992− ),男,黑龙江哈尔滨人,哈尔滨工业大学(威海)博士生,主要研究方向为工业控制系统安全风险评估
    王佰玲(1978− ),男,黑龙江哈尔滨人,哈尔滨工业大学(威海)教授、博士生导师,主要研究方向为网络安全、信息内容安全、信息对抗、工业互联网安全
  • 基金资助:
    国防基础科研计划(JCKY2019608B001)

Key path analysis method for large-scale industrial control network

Yaofang ZHANG1,2, Zheyu ZHANG3, Haikuo QU1,2, Ge ZHANG3, Zibo WANG1,2, Bailing WANG1,2   

  1. 1 School of Computer Science and Technology, Harbin Institute of Technology (Weihai), Weihai 264209, China
    2 China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China
    3 Research Institute of CyberSpace Security, Harbin Institute of Technology, Harbin 150006, China
  • Revised:2021-05-10 Online:2021-12-15 Published:2021-12-01
  • Supported by:
    The National Defense Basic Scientific Research Program(JCKY2019608B001)

摘要:

针对大规模工控网络攻击图的量化计算耗时高、消耗资源大的问题,提出了一种大规模工控网络的关键路径分析方法。首先利用割集思想结合工控网络中的原子攻击收益,计算贝叶斯攻击图关键节点集合,解决目前割集算法只考虑图结构中节点关键性的问题。其次,提出一种只更新关键节点攻击概率的贝叶斯攻击图动态更新策略,高效计算全图攻击概率,分析攻击图关键路径。实验结果表明,所提方法在大规模工控攻击图的计算中,不仅可以保证计算结果的可靠性,而且能够大幅度降低方法耗时,显著提升计算效率。

关键词: 关键节点, 关键路径, 攻击图, 贝叶斯网络, 工控网络

Abstract:

In order to solve the problem of high time-consuming and resource-consuming quantitative calculation of large-scale industrial control network attack graphs, a key path analysis method for large-scale industrial control networks was proposed.Firstly, the idea of cut set was used to calculate the key nodes set of Bayesian attack graph by combining the atomic attack income in industrial control network, which solved the problem that the current cut set algorithm only considers the key nodes in graph structure.Secondly, a dynamic updating strategy of Bayesian attack graph which only updated the attack probability of key nodes was proposed to efficiently calculate the attack probability of the whole graph and analyze the key path of attack graph.The experimental results show that the proposed method can not only ensure the reliability of the calculation results of large-scale industrial control attack graphs, but also can significantly reduce the time consumption and have a significant improvement in the calculation efficiency.

Key words: key node, key path, attack graph, Bayesian network, industrial control network

中图分类号: 

No Suggested Reading articles found!