Chinese Journal of Network and Information Security ›› 2021, Vol. 7 ›› Issue (6): 31-43.doi: 10.11959/j.issn.2096-109x.2021069

• TopicⅠ: Novel Network Technology and Security • Previous Articles    

Key path analysis method for large-scale industrial control network

Yaofang ZHANG1,2, Zheyu ZHANG3, Haikuo QU1,2, Ge ZHANG3, Zibo WANG1,2, Bailing WANG1,2   

  1. 1 School of Computer Science and Technology, Harbin Institute of Technology (Weihai), Weihai 264209, China
    2 China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China
    3 Research Institute of CyberSpace Security, Harbin Institute of Technology, Harbin 150006, China
  • Revised:2021-05-10 Online:2021-12-01 Published:2021-12-01
  • Supported by:
    The National Defense Basic Scientific Research Program(JCKY2019608B001)

Abstract:

In order to solve the problem of high time-consuming and resource-consuming quantitative calculation of large-scale industrial control network attack graphs, a key path analysis method for large-scale industrial control networks was proposed.Firstly, the idea of cut set was used to calculate the key nodes set of Bayesian attack graph by combining the atomic attack income in industrial control network, which solved the problem that the current cut set algorithm only considers the key nodes in graph structure.Secondly, a dynamic updating strategy of Bayesian attack graph which only updated the attack probability of key nodes was proposed to efficiently calculate the attack probability of the whole graph and analyze the key path of attack graph.The experimental results show that the proposed method can not only ensure the reliability of the calculation results of large-scale industrial control attack graphs, but also can significantly reduce the time consumption and have a significant improvement in the calculation efficiency.

Key words: key node, key path, attack graph, Bayesian network, industrial control network

CLC Number: 

No Suggested Reading articles found!