Cyber-physical system oriented cross-layer attack risk quantification method
By acquiring asset topology relationships in cyber-physical systems, discovering vulnerabilities, and establishing a cross-layer attack-defense game link, this approach solves the problem of the single dimension of traditional FMEA analysis, achieves systematic identification of cross-layer attack risks and risk prioritization, and assesses the necessity of information layer and physical layer security measures.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- INSTR TECH & ECONOMY INST P R CHINA
- Filing Date
- 2025-06-17
- Publication Date
- 2026-06-30
Smart Images

Figure CN120455144B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of industrial control system security technology and relates to a method for quantifying cross-layer attack risks for cyber-physical systems. Background Technology
[0002] Digital transformation has significantly improved the openness and interconnectivity of Industrial Automation and Control Systems (IACS), with increasingly tight coupling between the information layer and the physical layer, exhibiting typical characteristics of Cyber-physical Systems (CPS). However, this deep integration of the information and physical layers also presents IACS with unprecedented security challenges. The gradual opening up of traditionally closed industrial environments, the increasing complexity of IACS system architecture, the blurring of network boundaries, and the diversification of external threats have made IACS a prime target for cyberattacks. In recent years, cross-layer attacks targeting critical infrastructure have become frequent, with attackers exploiting vulnerabilities in the information layer to penetrate the physical layer, causing production disruptions, equipment damage, and even safety incidents, seriously threatening industrial production safety.
[0003] Therefore, how to construct a method for quantifying cross-layer attack risks for cyber-physical systems and effectively assess the sufficiency and necessity of information layer security measures and physical layer security measures is a problem that urgently needs to be solved by those skilled in the art. Summary of the Invention
[0004] In view of this, the present invention proposes a cross-layer attack risk quantification method for cyber-physical systems. The FMEA covers information layer attacks, physical layer failures and cross-layer propagation paths, systematically identifies the implicit cross-layer attack chain of CPS, avoids human omissions, and unifies the quantification of "attack-protection" risk from a game theory perspective. It can effectively assess the sufficiency and necessity of information layer security measures and physical layer security measures.
[0005] To achieve the above objectives, the present invention adopts the following technical solution:
[0006] This invention discloses a method for quantifying the risk of cross-layer attacks on cyber-physical systems, comprising the following steps:
[0007] S1: Obtain the topological relationship between the information layer assets and physical layer assets of the industrial control system (CPS);
[0008] S2: Based on the industrial control system architecture and historical work records, extract the dependency relationship between information layer assets and physical layer assets, and quantify the dependency strength according to preset indicators;
[0009] S3: Discover vulnerabilities in information layer asset one, determine the first potential attack type of information layer asset one based on the vulnerabilities, determine the vulnerabilities of related information layer asset two and their corresponding second potential attack types based on the topological relationship of information layer asset one, and determine whether information layer asset two is an attack entry point. If yes, obtain the information layer asset attack chain and its quantification factor, and proceed to S4. If no, the information layer asset two is treated as a new information layer asset one and S3 is executed repeatedly.
[0010] S4: Obtain control instructions between information layer assets and physical layer assets based on the dependency relationship between information layer assets and physical layer assets, and positively predict the damage chain of physical layer assets and its quantification factor based on the abnormal state of the control instructions.
[0011] S5: Based on the information layer asset attack chain and the physical layer asset damage chain, and combined with the security weights of the information layer and the physical layer, establish a cross-layer attack-protection game link;
[0012] S6: Based on the information layer asset attack chain quantification factor, the physical layer asset damage chain quantification factor, and the security weights of the information layer and physical layer, FMEA is used to quantify the risk value of each cross-layer attack-protection game link.
[0013] Preferably, the information layer assets in S1 include one or more of the following: software assets, network assets, protocol assets, and data assets.
[0014] Preferably, the physical layer assets in S1 include one or more of the following: sensor assets, actuator assets, and production equipment assets.
[0015] Preferably, in step S2, the correlation method factor and the influence timeliness factor are used as preset indicators to quantify the dependence strength.
[0016] Preferably, in the information layer attack chain of S3:
[0017] Based on the vulnerability quantification of the information layer asset attack chain, the vulnerability maturity V of the information layer asset is determined. matu And the vulnerability exploitation complexity C comp ;
[0018] Attack entry point exposure L based on the attack entry point quantification of the information layer asset attack chain expo .
[0019] Preferably, the second information layer asset in S3 is an adjacent or higher-level information layer asset associated with the first information layer asset.
[0020] Preferably, step S4 includes: obtaining the damage consequences of physical layer assets in the physical layer asset damage chain, used to quantify the degree of physical impact S.phys .
[0021] Preferably, the security weights of the information layer and the physical layer are the capability coefficients of information layer security measures and physical layer security measures in the cross-layer attack-protection game link to detect and handle attack types.
[0022] Preferably, the information layer security measures include one or more of the following: encryption protocols, network isolation, intrusion detection, zero-trust architecture, and role-based access control; the physical layer security measures include one or more of the following: status monitoring system, executor access control, and redundancy verification.
[0023] Preferably, the calculation formula for quantifying the risk value of each cross-layer attack-defense game link using FMEA in S6 is as follows:
[0024]
[0025] In the formula, CRI represents the risk value of the cross-layer attack-defense game; L expo V represents the exposure level of the attack entry point, quantified based on the attack entry point. matu For vulnerability maturity, C comp The vulnerability exploitation complexity is derived from the vulnerability quantification of the second information layer asset; I s To determine the strength of the dependency between information layer assets and physical layer assets, I s The higher the value, the greater the value of the physical layer assets that the information layer assets connect to; S phys The physical consequence level is determined by quantifying the damage consequences of physical layer assets within the physical layer asset damage chain; D cyber The information layer security weight is obtained by quantifying the attack detection capability based on information layer security measures; D phys α represents the security weight of the physical layer, which is obtained by quantifying the fault detection capability based on the physical layer security measures; α and β are adjustment factors.
[0026] As can be seen from the above technical solution, compared with the prior art, the beneficial effects of the present invention include:
[0027] This invention expands the analytical dimensions, innovates cross-layer analysis tools, and further enhances the quantitative model. For the first time, a cross-layer "attack-protection" chain is defined in FMEA, supporting the "network attack leading to physical failure" scenario unique to CPS, covering information layer attacks, physical layer failures, and cross-layer propagation paths. An information layer-physical layer dependency matrix is constructed to quantify the dependency strength between information layer assets and physical layer assets, systematically identifying implicit cross-layer attack chains in CPS and avoiding human oversight. Information security indicators (such as attack entry point exposure and vulnerability maturity) are integrated with traditional RPN, unifying the quantification of "attack-protection" risks from a game theory perspective, supporting the prioritization of cross-layer attack risks, and effectively assessing the sufficiency and necessity of information layer and physical layer security measures. Attached Figure Description
[0028] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.
[0029] Figure 1 A flowchart illustrating a method for quantifying the risk of cross-layer attacks on cyber-physical systems provided in an embodiment of the present invention;
[0030] Figure 2 This is an IACS architecture diagram provided for an embodiment of the present invention. Detailed Implementation
[0031] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0032] To fully illustrate the specific implementation methods of the present invention, the cyber-physical system and the Failure Mode and Effect Analysis (FMEA) method are first described as follows:
[0033] Cyber-physical systems (CPS) are divided into an information layer and a physical layer, and the two layers communicate and transmit data through a complex interaction mechanism.
[0034] FMEA is an important method in the field of equipment system safety analysis. FMEA is a qualitative analysis method that analyzes each potential failure of mechanical equipment (note: mechanical equipment does not possess CPS characteristics) to determine its possible consequences, analyze the effectiveness of existing prevention or detection measures, and generate a comprehensive risk assessment. Based on the magnitude of the risk, targeted improvements are implemented to reduce the likelihood of failure, enhance the ability to detect failures, mitigate the impact of failures, improve the controllability of failures, and ensure long-term continuous operation of the equipment.
[0035] Traditional FMEA has two shortcomings when applied to cross-layer attack modeling and risk analysis of industrial cyber-physical systems:
[0036] Analyzing only physical equipment failures ignores information layer and cross-layer interaction risks, resulting in a single analytical dimension.
[0037] The Risk Priority Number (RPN) (Formula S·O·D) is not included in information security indicators, resulting in insufficient quantification when facing the risk of cross-layer CPS attacks, making it difficult to support priority decision-making.
[0038] To overcome the aforementioned shortcomings of traditional FMEA, this invention provides a method for quantifying cross-layer attack risks in cyber-physical systems.
[0039] like Figure 1 As shown, the method of this embodiment mainly includes the following steps:
[0040] S1: Obtain the topological relationship between the information layer assets and physical layer assets of the industrial control system (CPS);
[0041] S2: Extract the dependency relationship between information layer assets and physical layer assets based on the industrial control system architecture and historical work records, and quantify the dependency strength according to preset indicators;
[0042] S3: Discover vulnerabilities in information layer asset one, determine the first potential attack type of information layer asset one based on the vulnerabilities, determine the vulnerabilities of related information layer asset two and their corresponding second potential attack types based on the topological relationship of information layer asset one, and determine whether information layer asset two is an attack entry point. If so, obtain the information layer asset attack chain and its quantification factor, and proceed to S4. If not, information layer asset two is treated as a new information layer asset one and S3 is executed repeatedly.
[0043] S4: Obtain control instructions between information layer assets and physical layer assets based on the dependency relationship between information layer assets and physical layer assets, and positively predict the damage chain of physical layer assets and its quantification factor based on the abnormal state of the control instructions.
[0044] S5: Based on the information layer asset attack chain and the physical layer asset damage chain, and combined with the security weights of the information layer and the physical layer, a cross-layer attack-protection game link is established.
[0045] S6: Based on the information layer asset attack chain quantification factor, the physical layer asset damage chain quantification factor, and the security weights of the information layer and physical layer, FMEA is used to quantify the risk value of each cross-layer attack-protection game link.
[0046] In one embodiment, the information layer assets in S1 include one or more of the following: software assets, network assets, protocol assets, and data assets.
[0047] In this embodiment, software assets typically include SCADA software, PLC control logic, HMI interface, etc.; network assets include communication protocols, routers, firewalls, etc.; and data assets include real-time databases, historical databases, identity authentication information, etc.
[0048] In one embodiment, the physical layer assets in S1 include one or more of the following: sensor assets, actuator assets, and production equipment assets.
[0049] In this embodiment, sensor assets include temperature sensors, pressure sensors, flow sensors, lidar, etc.; actuator assets include circuit breakers, frequency regulators, etc.; and production equipment includes pumps, motors, reactors, etc.
[0050] In one embodiment, a two-dimensional matrix (columns: information layer assets, rows: physical layer assets) between information layer assets and physical layer assets is established based on the asset list to visualize the dependencies between the information layer and physical layer in CPS, while conveying the potential paths of cross-layer attacks. The dependencies between information layer assets and physical layer assets are extracted from system architecture diagrams, communication protocol documents, fault history records, system logs and network traffic monitoring data, and the dependencies between assets are marked in a table, as shown in Table 1.
[0051] Table 1 Examples of Dependency Relationships
[0052]
[0053] For example, the dependency between the information layer asset "Modbus TCP communication protocol" and the physical layer asset "PLC controller" is that the PLC controller relies on the Modbus protocol to receive control commands.
[0054] In one embodiment, the dependency strength in S2 is defined as the degree of association between information layer assets and physical layer assets. The degree of association is quantified by two indicators: association method (such as direct or indirect) and impact on timeliness. The quantification basis is shown in Table 2.
[0055] Table 2. Quantification basis of dependence strength
[0056]
[0057] Dependency strength is expressed as I s This indicates the value of the attack path, I, from the attacker's perspective. s The larger the value, the greater the value of the physical layer assets that the information layer assets connect to. This means the associated information layer assets are more valuable and more likely to become high-priority targets for attacks. The CPS asset dependency strength is visualized using a matrix, as shown in Table 3.
[0058] Table 3 Examples of Dependency Strength
[0059] Information layer / physical layer PLC controller pressure sensor motor Modbus TCP communication protocol 3 — — Real-time database — 3 — User authentication system — — 3
[0060] In one embodiment, S3-S5 constitute the modeling process of the "attack-protection" chain. "Attack-protection" chain modeling refers to analyzing the potential paths an attacker might take to successfully penetrate the physical layer from the information layer and cause damage, as well as a series of security measures that need to be bypassed or penetrated during this process. This invention employs an improved FMEA method to achieve "attack-protection" chain modeling.
[0061] Traditional FMEA focuses solely on physical layer asset failures, lacking assessment of information layer assets (software, network, data) and cross-layer interaction risks. To accommodate CPS cross-layer attack chain modeling, this invention expands the analytical dimensions of traditional FMEA, specifically including:
[0062] ① A new information layer attack mode has been added, expanding the threats to information layer assets such as man-in-the-middle attacks, data tampering, and identity forgery as causes of physical layer failures;
[0063] ② Based on the dependency relationship and strength between the information layer and the physical layer, conduct an impact analysis of CPS cross-layer attacks. The specific modeling steps of the "attack-protection" chain are as follows:
[0064] Step 1: Based on the CPS dependency strength (I) s The matrix selects information layer and physical layer assets with dependency strengths of "high level" and "medium level" as modeling objects.
[0065] Step 2: Analyze the potential attack types of the modeled object as the starting point for failure mode analysis. Since an attack is only considered successful if a vulnerability is successfully exploited, the potential attack types depend on the vulnerabilities of the information layer assets in the modeled object. For example, the PLC and actuator communicate via the Modbus TCP protocol. The Modbus / TCP protocol is plaintext communication and has a vulnerability of "encryption or authentication not enabled." Therefore, the potential attack type is the exploitation of this protocol vulnerability, which can manifest as a man-in-the-middle attack, replay attack, etc. Typical attack types are shown in Table 4.
[0066] Table 4 Typical Attack Types
[0067]
[0068]
[0069] Step 3: Based on the asset topology relationship of CPS, reverse analyze the adjacent or upper-level information layer assets associated with the information layer assets in Step 2, and analyze the vulnerabilities of the adjacent or upper-level information layer assets (used to quantify vulnerability maturity V). matu And the vulnerability exploitation complexity C comp The vulnerability and its potential attack types are considered as information layer causes. If the information layer asset being analyzed in this step still has a related parent information layer asset, the analysis of vulnerabilities and potential attack types continues until the attack entry point (used to quantify the attack entry point exposure L) is found. expo Typical attack entry points are shown in Table 5.
[0070] Table 5 Typical attack entry points
[0071]
[0072]
[0073] Step 4: Obtain the control relationships between information layer assets and physical layer assets from the dependency matrix. These control relationships are implemented through control commands (such as valve opening and speed increase). Therefore, analyze the abnormal states of control commands between information layer assets and physical layer assets (such as control command delays, tampering, and duplication) to positively predict the damage chain of physical layer assets and the impact of abnormal states, such as excessive speed, equipment damage, or even process disturbances (used to quantify the degree of physical impact S). phys ).
[0074] Step 5: Combine the information layer asset attack chain from Step 3 and the physical layer asset damage chain from Step 4 to form a cross-layer attack chain from the "attacker's" perspective.
[0075] Step 6: For each cross-layer attack chain, analyze the information layer security measures and physical layer security measures to form a cross-layer "attack-protection" chain from the perspective of the game between attackers and defenders.
[0076] In one embodiment, the security weights of the information layer and physical layer in S6 are the capability coefficients of information layer security measures and physical layer security measures in detecting and handling attack types in the cross-layer attack-protection game link. This step requires a comprehensive risk analysis for each cross-layer attack-protection game link. By evaluating the combined impact of "the probability of an attack event occurring under the action of information layer security measures," "the severity of the physical impact caused by the attack," and "the detection rate of information layer security measures and physical layer security measures," the adequacy of existing information layer security measures and physical layer security measures is assessed, and the security measures that need to be taken are prioritized.
[0077] Traditional FMEA uses Risk Priority Number (RPN), as shown in Formula 1. This comprehensive indicator enables a semi-quantitative calculation of failure risk. However, it does not consider the information security weights (such as attack probability and attack detection capability) in the cross-layer "attack-protection" chain, and therefore cannot be applied to the quantitative analysis of cross-layer attack risks at the CPS system level.
[0078] RPN=S·O·D (1)
[0079] In the formula, S represents the severity of the impact of the physical failure of the equipment;
[0080] O represents the probability of a physical equipment failure. Physical equipment failures are objective and random, and their average probability or frequency can be obtained through statistical analysis of historical failure data. However, information layer attacks are subjective and malicious, and their probability of occurrence is closely related to factors such as the exposure of attack entry points, vulnerability maturity, vulnerability exploitation complexity, and asset value. Traditional methods for analyzing the probability of physical failures are not applicable to information security attack events.
[0081] D represents the undetectability of physical faults in the equipment.
[0082] To this end, embodiments of the present invention propose a comprehensive risk quantification calculation method for cross-layer "attack-protection" chains, as shown in Formula 2:
[0083]
[0084] In the formula, CRI represents the risk value of the cross-layer attack-defense game link;
[0085] L expo The exposure of the attack entry point is quantified based on the attack entry point, and this metric quantifies the CPS.
[0086] The degree of system exposure to the outside world, i.e. the reachability of attack entry points, is quantified in Table 6.
[0087] V matu The vulnerability maturity level is obtained based on the vulnerability quantification of Information Layer Asset II. This indicator quantifies the public disclosure of vulnerabilities, the development of exploitation tools, and the ease with which attackers can exploit them. The quantification basis is shown in Table 7.
[0088] CC comp The vulnerability exploitation complexity was obtained by quantifying vulnerabilities based on the second information layer asset. This indicator quantifies the attacker's technical capabilities and understanding of the control system. The quantification basis is shown in Table 8.
[0089] I s This metric quantifies the degree of influence of information layer assets on physical layer assets, representing the dependency strength between information layer assets and physical layer assets. From an attacker's perspective, this metric indicates the attack intensity. s The larger the value, the greater the value of the physical layer assets that the information layer assets connect to, and thus the greater the value of the associated information layer assets.
[0090] S phys The physical consequence level is obtained by quantifying the damage consequences of physical layer assets in the physical layer asset damage chain. The quantification basis is shown in Table 9.
[0091] D cyber The information layer security weight is obtained by quantifying the attack detection capability of information layer security measures. This indicator quantifies the ability of information security measures to detect and handle threats after an attack enters the CPS. The quantification basis is shown in Table 10.
[0092] D phys The physical layer security weight is obtained by quantifying the fault detection capability of physical layer security measures. This indicator quantifies the ability of physical layer security measures to detect and control physical layer faults caused by attackers exploiting vulnerabilities. The quantification basis is shown in Table 11.
[0093] α and β are adjustment factors. If α = β, it indicates that information layer security measures and physical layer security measures are of equal importance. If α > β, it indicates that stakeholders value the leading role of information layer security measures and emphasize moving the prevention checkpoint forward. If α < β, it indicates that stakeholders focus on the emergency response capabilities of physical layer security measures and emphasize the timely detection and control of physical damage effects.
[0094] In this embodiment, the information layer security measures include one or more of the following: encryption protocols, network isolation, intrusion detection, zero-trust architecture, and role-based access control; the physical layer security measures include one or more of the following: status monitoring system, executor access control, and redundancy verification.
[0095] Table 6. Quantification basis for attack entry point exposure
[0096]
[0097] Table 7. Quantitative Basis for Vulnerability Maturity
[0098]
[0099] Table 8. Quantitative Basis for Vulnerability Exploitation Complexity
[0100]
[0101]
[0102] Table 9. Quantitative Basis for Physical Consequence Levels
[0103]
[0104] Table 10 Quantitative Basis for Information Layer Attack Detection Capability
[0105]
[0106]
[0107] Table 11 Quantitative Basis for Physical Layer Fault Detection Capability
[0108]
[0109] Compared to traditional RPN, this metric comprehensively considers the attack entry point exposure (L). expo Vulnerability Maturity (V) matu ), vulnerability exploitation complexity (C comp ), the strength of the dependency between the information layer and the physical layer (I) s Physical layer impact consequences (S) phys ), Information layer attack detection capability (D) cyber ), physical layer fault detection capability (D phys The seven dimensions fully reflect the attack and defense capabilities of attackers and defenders in the supply-side game process. Among them, L... expo V matu C comp These three indicators can comprehensively characterize the likelihood of an attack; I s Indicates the priority of the target being attacked; D cyber D phys The two indicators together characterize the security monitoring and response capabilities along the entire path from threat attack to physical damage.
[0110] To demonstrate in detail the application process of the method proposed in this invention, the fractionation tower process and related IACS are selected as the application objects, such as... Figure 2 As shown.
[0111] First, we carried out system layered modeling. The information layer assets and physical layer assets are shown in Table 12 and Table 13, respectively.
[0112] By extracting dependencies, the association matrix between information layer assets and physical layer is obtained, as shown in Table 14;
[0113] The strength of their dependencies was quantified according to Table 2, and the results are shown in Table 15.
[0114] Then, cross-layer "attack-defense" chain modeling was carried out, and some results are listed in columns 1 to 4 of Table 16;
[0115] Finally, the comprehensive risk factor was calculated according to Formula 2, and the results are listed in Table 16.
[0116] Table 12 Information Layer Assets
[0117] Information layer assets Application Description Engineer Station Used for configuring, debugging, and maintaining DCS controller logic and parameters. Operator station Human-machine interface (HMI) displays real-time data and supports manual control operations. DCS system server The core data processing unit stores historical data and coordinates the control logic. Enterprise Management Information System Integrating production data for business management Terminal office computers Terminal devices in the office network may access the DCS system. Internet publication Remote access interface provided to the outside world DCS controller The core device that executes control logic communicates with physical devices via a fieldbus. TCP / IP Network communication protocol, supporting data transmission between DCS and upper-layer systems. Modbus bus Industrial communication protocol to connect DCS controllers and field devices
[0118] Table 13 Physical Layer Assets
[0119] Physical layer assets Application Description Temperature sensor TI-109 Sensing the feed temperature of the distillation tower FIT-101 Flow Sensor Sensing the feed flow rate of the distillation tower FIT-102 Flow Sensor Sensing the flow rate of the reflux at the top of the distillation column FV-101 Flow solenoid valve Adjusting the feed flow rate of the fractionation tower P-102 reflux pump Drive the circulation of the medium at the top of the distillation column
[0120] Table 14 Dependencies between Information Layer Assets and Physical Layer Assets
[0121]
[0122]
[0123] Table 15 Dependency Strength
[0124]
[0125]
[0126] Table 16. Comprehensive Risk Analysis Results (Partial Examples)
[0127]
[0128]
[0129] Note: In this case, α = β = 0.5
[0130] The cross-layer attack risk quantification method for cyber-physical systems provided by this invention has been described in detail above. Specific examples have been used in this embodiment to illustrate the principle and implementation of this invention. The description of the above embodiments is only for the purpose of helping to understand the method and core idea of this invention. At the same time, for those skilled in the art, there will be changes in the specific implementation and application scope based on the idea of this invention. Therefore, the content of this specification should not be construed as a limitation of this invention.
[0131] The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined in these embodiments may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims
1. A method for quantifying the risk of cross-layer attacks on cyber-physical systems, characterized in that, Includes the following steps: S1: Obtain the topological relationship between the information layer assets and physical layer assets of the industrial control system (CPS); S2: Based on the industrial control system architecture and historical work records, extract the dependency relationship between information layer assets and physical layer assets, and quantify the dependency strength according to preset indicators; S3: Discover vulnerabilities in information layer asset one, determine the first potential attack type of information layer asset one based on the vulnerabilities, determine the vulnerabilities of related information layer asset two and their corresponding second potential attack types based on the topological relationship of information layer asset one, and determine whether information layer asset two is an attack entry point. If yes, obtain the information layer asset attack chain and its quantification factor, and proceed to S4. If no, the information layer asset two is treated as a new information layer asset one and S3 is repeated. The information layer asset two is an adjacent or upper-level information layer asset associated with information layer asset one. S4: Obtain control instructions between information layer assets and physical layer assets based on the dependency relationship between information layer assets and physical layer assets, and positively predict the damage chain of physical layer assets and its quantification factor based on the abnormal state of the control instructions. S5: Based on the information layer asset attack chain and the physical layer asset damage chain, and combined with the security weights of the information layer and the physical layer, establish a cross-layer attack-protection game link; S6: Based on the information layer asset attack chain quantification factor, the physical layer asset damage chain quantification factor, and the security weights of the information layer and physical layer, FMEA is used to quantify the risk value of each cross-layer attack-protection game link.
2. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, The information layer assets in S1 include one or more of the following: software assets, network assets, protocol assets, and data assets.
3. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, The physical layer assets in S1 include one or more of the following: sensor assets, actuator assets, and production equipment assets.
4. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, In S2, the correlation mode factor and the influence timeliness factor are used as preset indicators to quantify the dependence strength.
5. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, In the information layer attack chain of S3: Based on the vulnerability quantification of the information layer asset attack chain, the vulnerability maturity V of the information layer asset is determined. matu And the vulnerability exploitation complexity C comp ; Attack entry point exposure L based on the attack entry point quantification of the information layer asset attack chain expo .
6. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, S4 includes: obtaining the damage consequences of physical layer assets in the physical layer asset damage chain, used to quantify the degree of physical impact S. phys .
7. The method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, The security weights of the information layer and physical layer are the capability coefficients for detecting and handling attack types by information layer security measures and physical layer security measures in the cross-layer attack-protection game link.
8. A method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 7, characterized in that, The information layer security measures include one or more of the following: encryption protocols, network isolation, intrusion detection, zero-trust architecture, and role-based access control; the physical layer security measures include one or more of the following: status monitoring system, executor access control, and redundancy verification.
9. A method for quantifying the risk of cross-layer attacks on cyber-physical systems according to claim 1, characterized in that, The formula for calculating the risk value of each cross-layer attack-defense game link using FMEA in S6 is as follows: ; In the formula, CRI represents the risk value of the cross-layer attack-defense game; L expo The exposure of the attack entry point is quantified based on the attack entry point. V matu For vulnerability maturity, C comp The vulnerability exploitation complexity is obtained based on the vulnerability quantification of the second information layer asset. I s To determine the strength of the dependency between information layer assets and physical layer assets, I s The higher the value, the greater the value of the physical layer assets that the information layer assets connect to; S phys The physical consequence level is obtained by quantifying the damage consequences of physical layer assets in the physical layer asset damage chain. D cyber The information layer security weight is obtained by quantifying the attack detection capability based on information layer security measures. D phys The physical layer security weights are quantified based on the fault detection capabilities of physical layer security measures. α , β It is a regulating factor.