CN111585968B - Industrial control network security influence analysis device based on function analysis - Google Patents

Info

Publication number
CN111585968B
CN111585968B CN202010285431.2A CN202010285431A CN111585968B CN 111585968 B CN111585968 B CN 111585968B CN 202010285431 A CN202010285431 A CN 202010285431A CN 111585968 B CN111585968 B CN 111585968B
Authority
CN
China
Prior art keywords
function
module
analysis
attack
network security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010285431.2A
Other languages
Chinese (zh)
Other versions
CN111585968A (en)
Inventor
郑威
毛磊
常箫
张淑慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Nuclear Engineering Research and Design Institute Co Ltd
Original Assignee
Shanghai Nuclear Engineering Research and Design Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention discloses an industrial control network security impact analysis tool based on functional analysis, comprising the following modules: a function decomposition module, a function topology generation module, an asset collection and analysis module, a network security attack analysis module and a function consequence influence evaluation module. Using this tool, a function topology graph is generated, a hierarchical relation from functions to equipment is established, and the final actual impact of an information security attack on the process system, together with the path by which that impact arises, is displayed visually.

Description

Industrial control network security influence analysis device based on function analysis
Technical Field
The invention belongs to the field of network security, and particularly relates to an industrial control network security impact analysis device based on function analysis.
Background
Since the Stuxnet worm attacked the Iranian nuclear facility in 2010, the information security of industrial control systems has received close attention both internationally and domestically. Information security attacks can affect the availability, integrity and confidentiality of software and data, adversely affect the operation of systems, networks and related equipment, and pose a threat to industrial control systems. For system designers and system users, it is very important to understand intuitively the final impact of an information security attack on the process system. By studying the actual impact on the overall system process when digital equipment is affected by an information security attack, designers can see more clearly where the system is vulnerable and which links need focused information security defense, and system users facing an attack can fully evaluate its impact starting from the events and take targeted, effective measures in response.
Disclosure of Invention
The invention aims to provide an industrial control network security impact analysis device based on function analysis, and to describe the main modules and functions of the device.
An industrial control network security influence analysis device based on function analysis comprises the following modules: a function decomposition module, a function topology generation module, an asset collection and analysis module, a network security attack analysis module and a function consequence influence evaluation module;
the function decomposition module analyzes functions hierarchically and expresses them as a goal-means hierarchy; it evaluates the importance of the top-level function, provides a workflow tool for functional decomposition that breaks the top-level function down level by level, and establishes the hierarchical relation from function to equipment;
the function topology generation module uses the analysis result of the function decomposition module, combined with the associations among the sub-functions, to generate an intuitive function tree topology graph; the topology graph gives the function tree logical calculation capability, so that it can be determined whether the failure of each sub-function affects execution of the final function;
the asset collection and analysis module establishes the interaction between the digital industrial control system and the controlled process equipment, forming a set of the process equipment and its associated sensor, actuator and controller assets;
the network security attack analysis module analyzes the asset attributes and attack surface of the process equipment in the asset collection and analysis module to obtain a network attack graph, and analyzes the impact on the equipment of the types of network attack it may suffer;
and the function consequence influence evaluation module analyzes the impact of the sub-functions on the target function according to the function topology generation module, to obtain the functional safety impact of the network security attack.
The invention realizes the following functions:
(1) Through the industrial control network security impact analysis device based on function analysis, a function topology graph is generated and, finally, a hierarchical relation from functions to equipment is established.
(2) Through the industrial control network security impact analysis device based on function analysis, the final actual impact of an information security attack on the process system, and the path by which that impact arises, are displayed visually.
Drawings
FIG. 1 is a block diagram of an industrial control network security impact analysis device;
FIG. 2 is a schematic of the goal-means hierarchy.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The invention analyzes the functions of the process system hierarchically and expresses them as a goal-means hierarchy. The hierarchical analysis starts from the top-level function, which is decomposed step by step into the process systems that realize it; the sub-functions of those process systems are in turn decomposed down to the bottom-level process equipment that realizes them, giving the function / sub-function / equipment hierarchy. Next, by studying the interaction between the digital industrial control system and the controlled process equipment, a set of process equipment and its associated digital industrial control system assets is formed, which gives the association between the top-level function and the digital assets. Attack surface analysis and attack path analysis are then carried out on the digital assets to study how far a network security attack event affects their integrity, availability and confidentiality. Combined with the hierarchical function structure, the impact of the network attack is deduced upward: from the digital assets to the process equipment, from the process equipment to the sub-functions it executes, and finally to the top-level function.
The industrial control network safety influence analysis device based on function analysis comprises the following modules:
1) a function decomposition module;
2) a function topology generation module;
3) an asset collection and analysis module;
4) a network security attack analysis module;
5) a function consequence influence evaluation module.
The function decomposition module analyzes functions hierarchically and expresses them as a goal-means hierarchy. A high-level functional description is an overview of the integration of one system or multiple related systems. Thus, the underlying (i.e., more specific) subsystems or devices used to perform functions are targeted. Functional decomposition works from the top down, starting from the goal, to identify which lower-level subsystems or devices can serve as means of achieving that goal. Functional decomposition also allows the means to be combined from the bottom up to determine how strongly each means affects achievement of the goal. The conclusion of functional decomposition is therefore which subsystems and devices are available to perform a function, and which subsystems or components are necessarily involved in performing it. This decomposition activity establishes a goal-means hierarchy, which is shown in FIG. 2.
The top layer is the function, the second layer is the process systems that accomplish the function/goal, the third layer is the sub-functions of the respective systems that implement the top-level function, and the fourth layer is the equipment for each sub-function. In the function decomposition module, the importance of the top-level function is evaluated, a workflow tool for functional decomposition is provided, the top-level function is broken down level by level, and finally the hierarchical relation from function to equipment is established.
The function topology generation module uses the analysis result of the function decomposition module, combined with the associations among the sub-functions (such as series and parallel relationships), to generate an intuitive function tree topology graph. With the topology graph and the logical calculation capability of the function tree, it can be determined whether the failure of each sub-function affects execution of the final function. For example, if the top-level function is completed by two redundant sub-functions, the loss of either one does not affect the top-level function, and the two sub-functions are in a parallel relationship; if two sub-functions are interdependent, the top-level function is guaranteed only when both execute correctly, and the two sub-functions are in a series relationship. Once the function tree topology graph has been generated, the impact on the top-level function of the failure of each sub-function can be calculated.
The asset collection and analysis module analyzes the assets that perform the sub-functions. Execution of a sub-function generally depends on the proper operation of process equipment such as pumps, valves and fans. The asset collection and analysis module establishes the interaction between the digital industrial control system and the controlled process equipment, forming a set of process equipment (such as a valve) and its associated assets (such as sensors, actuators and controllers). In addition, the network topology and working process of the digital equipment are analyzed, for example the communication and dependency relationships among different devices, to produce an influence relationship diagram of the digital equipment. Through this module, the association between functions and the digital equipment of the industrial control system is established.
The network security attack analysis module analyzes the asset attributes and attack surface of the digital equipment in the asset collection and analysis module to obtain a network attack graph and the attack paths by which a network attack reaches the equipment. It also analyzes the impact on the equipment of the types of network attack it may suffer, which may include loss of integrity, confidentiality and availability.
The function consequence influence evaluation module takes the output of the network security attack analysis module and analyzes the different impacts of a network attack on the digital equipment; using the asset collection and analysis module, it analyzes how far process equipment such as pumps and valves can still correctly execute their sub-functions after the digital equipment has been attacked; and finally, using the function topology generation module, it analyzes the impact of the sub-functions on the target function, thereby obtaining the functional safety impact of the network security attack.
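The chain described by the five modules can be sketched as follows. This is an added example, not code from the patent: the plant, the asset names and the two failure rules marked as assumptions in the comments are constructed for illustration, and only the series/parallel logic comes from the description.

```python
from dataclasses import dataclass, field

SERIES, PARALLEL = "series", "parallel"  # the two associations the description names

@dataclass
class Function:
    name: str
    relation: str = SERIES                         # how child sub-functions combine
    children: list = field(default_factory=list)   # lower-level sub-functions
    equipment: list = field(default_factory=list)  # process equipment (leaf level only)

# Constructed sample data: process equipment -> digital assets it depends on.
EQUIPMENT_ASSETS = {
    "pump_A": ["plc_1", "flow_sensor_A"],
    "pump_B": ["plc_2", "flow_sensor_B"],
    "valve_V1": ["plc_1", "actuator_V1"],
}

# Constructed function tree: redundant pump trains (parallel) plus valve control (series).
TREE = Function("cooling_water_supply", SERIES, children=[
    Function("pumping", PARALLEL, children=[
        Function("pump_train_A", equipment=["pump_A"]),
        Function("pump_train_B", equipment=["pump_B"]),
    ]),
    Function("flow_path_control", equipment=["valve_V1"]),
])

def failed_equipment(attack_impacts, equipment_assets=EQUIPMENT_ASSETS):
    """Map attacked assets to failed equipment: {equipment: [responsible assets]}.

    attack_impacts: {asset: set of lost properties from {"C", "I", "A"}}.
    Assumption: losing integrity or availability of any supporting asset stops
    the equipment from performing correctly; confidentiality loss alone does not.
    """
    hit = {asset for asset, lost in attack_impacts.items() if lost & {"I", "A"}}
    failed = {}
    for eq, assets in equipment_assets.items():
        causes = sorted(hit.intersection(assets))
        if causes:
            failed[eq] = causes
    return failed

def evaluate(node, failed_eq):
    """Return (failed, paths); each path runs asset -> equipment -> ... -> node."""
    if not node.children:
        # Assumption: a leaf sub-function fails if any of its equipment fails.
        paths = [[asset, eq, node.name]
                 for eq in node.equipment for asset in failed_eq.get(eq, [])]
        return bool(paths), paths
    results = [evaluate(child, failed_eq) for child in node.children]
    flags = [failed for failed, _ in results]
    # Series: any failed child breaks the function. Parallel: all children must fail.
    failed = any(flags) if node.relation == SERIES else all(flags)
    paths = [p + [node.name] for f, ps in results if f for p in ps] if failed else []
    return failed, paths

def assess(attack_impacts, tree=TREE):
    """Impact of an attack on the top-level function, with the paths that cause it."""
    return evaluate(tree, failed_equipment(attack_impacts))

if __name__ == "__main__":
    for label, attack in [("plc_2 availability", {"plc_2": {"A"}}),
                          ("plc_1 integrity", {"plc_1": {"I"}})]:
        failed, paths = assess(attack)
        print(label, "-> top-level function", "LOST" if failed else "kept")
        for p in paths:
            print("   ", " -> ".join(p))
```

The second scenario shows why the asset mapping matters for defense: the redundant pump trains mask the loss of `pump_A`, but the same controller also drives the valve in the series branch, so a single shared asset defeats the top-level function.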
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (1)

1. An industrial control network security influence analysis device based on function analysis, characterized in that it comprises the following modules: a function decomposition module, a function topology generation module, an asset collection and analysis module, a network security attack analysis module and a function consequence influence evaluation module;
the function decomposition module analyzes functions hierarchically and expresses them as a goal-means hierarchy; it evaluates the importance of the top-level function, provides a workflow tool for functional decomposition that breaks the top-level function down level by level, and establishes the hierarchical relation from function to equipment;
the function topology generation module uses the analysis result of the function decomposition module, combined with the associations among the sub-functions, to generate a visual function tree topology graph; the topology graph gives the function tree logical calculation capability, so that it can be determined whether the failure of each sub-function affects execution of the final function;
the asset collection and analysis module establishes the interaction between the digital industrial control system and the controlled process equipment, forming a set of the process equipment and its associated sensor, actuator and controller assets;
the network security attack analysis module analyzes the asset attributes and attack surface of the process equipment in the asset collection and analysis module to obtain a network attack graph, and analyzes the impact on the equipment of the types of network attack it may suffer;
and the function consequence influence evaluation module analyzes the impact of the sub-functions on the target function according to the function topology generation module, to obtain the functional safety impact of the network security attack.
CN202010285431.2A 2020-04-13 2020-04-13 Industrial control network security influence analysis device based on function analysis Active CN111585968B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010285431.2A CN111585968B (en) 2020-04-13 2020-04-13 Industrial control network security influence analysis device based on function analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010285431.2A CN111585968B (en) 2020-04-13 2020-04-13 Industrial control network security influence analysis device based on function analysis

Publications (2)

Publication Number Publication Date
CN111585968A CN111585968A (en) 2020-08-25
CN111585968B CN111585968B (en) 2022-09-02

Family

ID=72126350

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010285431.2A Active CN111585968B (en) 2020-04-13 2020-04-13 Industrial control network security influence analysis device based on function analysis

Country Status (1)

Country Link
CN (1) CN111585968B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348652A (en) * 2013-08-06 2015-02-11 南京理工大学常熟研究院有限公司 Method and device for evaluating system security based on correlation analysis
US9930058B2 (en) * 2014-08-13 2018-03-27 Honeywell International Inc. Analyzing cyber-security risks in an industrial control environment
US10841332B2 (en) * 2015-12-14 2020-11-17 Siemens Industry, Inc. System and method for passive assessment of industrial perimeter security
US10395040B2 (en) * 2016-07-18 2019-08-27 vThreat, Inc. System and method for identifying network security threats and assessing network security
CN109543301A (en) * 2018-11-22 2019-03-29 苏州健雄职业技术学院 A kind of network security attacks prototype modeling method based on Industry Control

Also Published As

Publication number Publication date
CN111585968A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No. 29 Hong Cao Road, Xuhui District, Shanghai

Patentee after: Shanghai Nuclear Engineering Research and Design Institute Co.,Ltd.

Address before: No. 29 Hong Cao Road, Xuhui District, Shanghai

Patentee before: SHANGHAI NUCLEAR ENGINEERING RESEARCH & DESIGN INSTITUTE Co.,Ltd.