Vulnerability association mining method for industrial control system

A vulnerability association mining method for industrial control systems, applied in the field of network security. It addresses vulnerability threat risk assessments of industrial control systems that are inaccurate and lack depth because they do not consider the correlation between vulnerabilities, and it improves the coverage of mining and the accuracy and effectiveness of the results.

Active Publication Date: 2020-11-03
HARBIN INST OF TECH AT WEIHAI +1

AI Technical Summary

Problems solved by technology

[0004] Most of the attacks against industrial control systems are multi-level continuous attacks, and most of the existing research and work follow the traditional independent vulnerability analysis, without con


Examples


Embodiment 1

[0052] A vulnerability association mining method for industrial control systems, as shown in Figures 1-4, including the following steps:

[0053] (1) Obtain network vulnerabilities from the National Information Security Vulnerability Sharing Platform (CNVD) and the Industrial Internet Security Emergency Response Center (ICS-CERT);

[0054] (2) Classify the vulnerabilities; when describing the attributes of a vulnerability, add the precondition permission set required to exploit it and the result permission set that can be obtained by successfully exploiting it;

[0055] (3) Combine a machine learning algorithm with rule processing so that the whole process of extracting the permission sets is automated;

[0056] (4) Perform association analysis on the automatically obtained permission set fields contained in the description attributes, and mine the pre-post logical relationsh...
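The association step (4) can be illustrated as follows. This is an added example, not code from the patent: it assumes that vulnerability B follows vulnerability A when B's precondition permission set is covered by A's result permission set, and the placeholder ids, the "asset:privilege" label format and the sample records are all constructed.

```python
from collections import Counter
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Vuln:
    vid: str                         # placeholder id, not a real CVE number
    pre: frozenset = frozenset()     # precondition permission set
    post: frozenset = frozenset()    # result permission set

# Constructed records; the "asset:privilege" label format is an assumption.
SAMPLE = [
    Vuln("VULN-A", frozenset(), frozenset({"hmi:user"})),
    Vuln("VULN-B", frozenset({"hmi:user"}), frozenset({"hmi:admin"})),
    Vuln("VULN-C", frozenset({"hmi:admin"}), frozenset({"plc:write"})),
    Vuln("VULN-D", frozenset({"vpn:user"}), frozenset({"hmi:admin"})),
    Vuln("VULN-E", frozenset(), frozenset({"hmi:user"})),
]

def associate(vulns):
    """Edge a -> b when b's non-empty precondition set is covered by a's result set."""
    edges = {v.vid: [] for v in vulns}
    for a, b in product(vulns, repeat=2):
        if a.vid != b.vid and b.pre and b.pre <= a.post:
            edges[a.vid].append(b.vid)
    return edges

def chains(vulns, edges):
    """Maximal simple chains that start at a vulnerability with no precondition."""
    found = []
    def walk(path):
        nxt = [n for n in edges[path[-1]] if n not in path]
        if not nxt:
            found.append(path)
        for n in nxt:
            walk(path + [n])
    for v in vulns:
        if not v.pre:
            walk([v.vid])
    return found

def chain_counts(paths):
    """How many chains each vulnerability appears in; high counts are patch priorities."""
    return Counter(vid for path in paths for vid in path)

if __name__ == "__main__":
    graph = associate(SAMPLE)
    paths = chains(SAMPLE, graph)
    print(graph, paths, chain_counts(paths).most_common(2), sep="\n")
```

The matching here is pairwise: it does not accumulate permissions gained along a chain, so a vulnerability whose precondition needs the combined results of two earlier ones is not linked.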

Embodiment 2

[0059] A vulnerability association mining method for an industrial control system as described in Embodiment 1, with the difference that step (2) is further specified as follows:

[0060] After screening the obtained vulnerability data, keep the following key information as the vulnerability feature data: Common Vulnerabilities and Exposures (CVE) number, Common Vulnerability Scoring System (CVSS) score, Attack Vector (AV), Authentication, Common Platform Enumeration (CPE), Confidentiality Impact, Integrity Impact, Availability Impact, and the vulnerability damage description. The descriptions and values of the related fields are as follows:

[0061] CVE number: allows the corresponding information to be found quickly in any CVE-compatible database; every vulnerability has a different number, for example: CVE-2018-4858;

[0062] Common Vulnerability Scoring System Score: evaluates the severity of the vulnerability and helps determine the urgency and imp...

Embodiment 3

[0076] A vulnerability association mining method for an industrial control system, differing from Embodiment 1 as follows. Manually labelling the permission sets of vulnerabilities is inefficient and prone to data loss, so a machine learning algorithm is combined with rule processing. Step (3) is: input the description field of the industrial control vulnerability data into a deep neural network (Deep Neural Networks, DNN) model for training and learning, and obtain the permission set label as the output; then, for the cases that the perceptron model cannot cover, use the rule model as a supplement, which gives a complete process for automatically generating and extracting permission set labels. Finally, the correlation structure analysis is carried out for the vulnerabilities that already have the precondition permission set and the result permission set value, and the logical relationship between the v...


Abstract

The invention relates to a vulnerability association mining method for an industrial control system, and belongs to the technical field of network security. The method comprises the steps of: obtaining network vulnerabilities; classifying the vulnerabilities; combining a machine learning algorithm with rule processing to automate the whole permission set extraction process; and performing association analysis on the automatically acquired permission set fields contained in the description attributes, mining the pre-post logical relationship between industrial control system vulnerabilities. When the logical relationship between industrial control vulnerabilities is analyzed, multi-dimensional attributes are used to describe them comprehensively and the vulnerabilities are effectively classified; besides the basic description indexes, the concept of a permission set is also used, and the vulnerabilities are associated through the privilege-escalation property of vulnerability attacks. The invention further provides a way of combining a machine learning algorithm with rule processing so that the whole process of extracting the permission set labels is automated, and the direct or indirect attack threats that the exploitation of security vulnerabilities can pose to an industrial control system can be analyzed comprehensively and efficiently.

Description

Technical field

[0001] The invention relates to a vulnerability association mining method for an industrial control system, which belongs to the technical field of network security.

Background technique

[0002] With the rapid development of the Internet, the theory of the integration of informatization and industrialization has gradually matured, and industrial control systems have gradually adopted open network interconnection technology and commercial IT standard products. While digitalization and intelligence promote the development of industrial production, they also bring many potential safety hazards. For example, some core embedded devices in industrial production, represented by PLCs, have weak security protection capabilities, and networking them will undoubtedly increase the risk of malicious attacks on industrial control devices. In recent years, various attacks on industrial control systems have been increasing, exposing serious defici...


Application Information

IPC(8): G06F21/57, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/577, G06N3/08, G06N3/045, G06F18/24323, G06F18/214, Y02P90/02
Inventor: 曲海阔, 王子博, 刘志尧, 王佰玲, 张格, 刘扬
Owner: HARBIN INST OF TECH AT WEIHAI