Vulnerability description attack graph-based power industrial control system network attack assessment method

An industrial control system and network attack technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of unconsidered and single evaluation factors, and achieve the effect of good applicability

An industrial control system and network attack technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of unconsidered and single evaluation factors, and achieve the effect of good applicability

CN112235283AActive Publication Date: 2021-01-15ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD +1
7 Cites 11 Cited by

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability description attack graph-based power industrial control system network attack assessment method
  • Vulnerability description attack graph-based power industrial control system network attack assessment method
  • Vulnerability description attack graph-based power industrial control system network attack assessment method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] The following are specific embodiments of the present invention and in conjunction with the accompanying drawings, the technical solutions of the present invention are further described, but the present invention is not limited to these embodiments.

[0034] Such as figure 1 , the present invention is based on a vulnerability description attack graph network attack assessment method for power industrial control systems, the method comprising:

[0035] Step S01, collecting original attack cases. Through web crawlers, collect basic vulnerability information and vulnerability descriptions in national information security vulnerability databases, cert industrial Internet vulnerability databases and other vulnerability databases, including vulnerability numbers such as CNVD, CVE, ICSA, etc., CVSS vulnerability assessment scores, and CVSS vulnerability exploitability assessment results , CVSS vulnerability impact indicators, vulnerability affected device types, device manufa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an electric power industrial control system network attack assessment method based on a vulnerability description attack graph, and belongs to the technical field of intelligent power grid information and equipment safety. The method comprises the steps of collecting original attack cases of the power industrial control system; carrying out the vulnerability feature extraction, data cleaning, vulnerability classification and clustering on the case to form an attack sample; constructing a system network connection topology and a network connection authority topology; constructing a power industrial control system component set and a system state set; constructing a state-based attack graph by using the system state set, the network connection topology and the permission topology; and calculating the feasibility of a single-step path contained in the attack graph and the feasibility and income of an attack link. According to the method, performance characteristicsof vulnerabilities used by network attacks and physical functions of components of the power industrial control system are comprehensively considered, evaluation indexes with universality are selected, and attack mechanism analysis and attack effect evaluation can be carried out on any subsystem of the power industrial control system on the basis of a model of an attack graph.

Description

technical field [0001] The invention belongs to the technical field of smart grid information and equipment security, and in particular relates to a network attack evaluation method of an electric power industrial control system based on a vulnerability description attack graph. Background technique [0002] With the continuous development of computer technology, information technology, big data, artificial intelligence and industrial automation technology, the traditional industrial control system and infrastructure continue to be intelligent, and information technology is widely used in the field of industrial control, making the traditional industrial control system change. It is becoming more and more open, which brings new challenges to the traditional relatively closed industrial control system. [0003] The power industry control system is an indispensable part of the power production and operation control that supports all links of power generation, transmission, tra...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
15 Jan 2021
Publication
CN112235283A
IPC
H04L29/06; H04L12/24
CPC
H04L63/1433; H04L63/1416; H04L41/145; H04L41/147; Y04S40/20
Inventors
许爱东; 蒋屹新