CN106453379A - Security policy dynamic acquisition method of process control system based on attack-defense game - Google Patents


Info

Publication number: CN106453379A
Authority: CN (China)
Prior art keywords: attack, strategy, defense, node, process control
Legal status: Granted (active)
Application number: CN201610972598.XA
Other languages: Chinese (zh)
Other versions: CN106453379B (granted publication)
Inventors: 周纯杰, 张琦, 秦元庆, 印炜, 田博
Original and current assignee: Huazhong University of Science and Technology
Events: application CN201610972598.XA filed by Huazhong University of Science and Technology; published as CN106453379A; granted and published as CN106453379B; legal status active

Classifications

    • H04L63/14: network architectures or network communication protocols for network security, for detecting or protecting against malicious traffic (under H04L63/00 network security; H04L transmission of digital information, e.g. telegraphic communication; H04 electric communication technique; H electricity)
    • H04L63/1441: countermeasures against malicious traffic (under H04L63/14)
    • H04L63/0227: filtering policies (under H04L63/02, separating internal from external traffic, e.g. firewalls)
    • G05B19/418: total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] (under G05B19/02 programme-control systems, electric; G05B19/00 programme-control systems; G05B control or regulating systems in general; G05 controlling, regulating; G physics)
    • G05B2219/2609: process control (under G05B2219/26 PC applications; G05B2219/20 PC systems; G05B2219/00 program-control systems)

Abstract

The invention discloses a method for dynamically acquiring a security policy for a process control system on the basis of an attack-defense game. The method comprises an offline process and an online process, in the following steps: first, analyze the process control system and build a Bayesian network; second, build a defense strategy model; third, screen a potential attack strategy set and a potential defense strategy set; fourth, quantify the attack-defense payoff matrix; finally, set up and solve a system of equations from the payoff matrix to obtain the optimal security strategy. The method takes the various consequences of each attack and defense strategy into account and quantifies them on a single scale. Introducing attack-defense game theory into the computation of the optimal security strategy addresses two problems of conventional dynamic policy decision: over-response, and a fixed response pattern that attackers can learn and exploit. In addition, the Bayesian network and the attack-defense strategy model are used to screen the candidate attack and defense strategies, which greatly reduces the number of alternatives, shortens the time needed to quantify the cost and benefit of the strategies, and improves the real-time performance of dynamic decision making.

Description

Attack and defense game-based dynamic security policy acquisition method for process control system
Technical Field
The invention belongs to the technical field of information security protection of process control systems, and particularly relates to a dynamic security policy acquisition method of a process control system based on an attack and defense game.
Background
A process control system implements management, monitoring and control over a wide area. The rapid development of computer, sensor, network communication and automatic control technologies has broken the isolation (the "information island") of the traditional process control system; users enjoy the resulting convenience but also face a range of information security problems. The consequences of an intrusion into a process control system are severe, so its information security problem is pressing, and dynamic security policy decision making is the key to solving it.
A process control system comprises an information part and a physical control object, so dynamic security policy decisions for it must consider both information and physical factors. Conventional online policy decision uses a static-mapping response mode, whose defect is that the response is fixed and easily exploited by an attacker; conventional security policy decision rarely quantifies the cost and benefit of a policy on a unified scale, which easily leads to over-response by the system.
Patents CN201010562527.5 and CN200810224939.0 disclose policy decision methods for information attacks on information systems; they do not target process control systems, do not fully consider the risks such systems face, and are therefore unsuitable for dynamic information security risk assessment of process control systems.
Disclosure of Invention
To address these defects of the prior art, the invention provides a method for dynamically acquiring the security policy of a process control system based on an attack-defense game. Through a risk assessment system it handles the tight coupling between the information system and the physical system and removes the fixed response mode and the over-response from the dynamic security policy decision process.
To achieve this, according to one aspect of the invention, a method for dynamically acquiring a security policy of a process control system based on an attack-defense game comprises the following steps:
(1) Build the attack event set $l_A$, the functional failure set $l_F$, the security event set $l_E$ and the asset loss set $l_Z$ of the process control system, and merge the four sets into the Bayesian network node set; establish the Bayesian network from the parent set of each node in the node set and the conditional probability table of each node, and evaluate the value of each asset node in the network;
(2) Enumerate the security policies and recovery policies of the process control system; for each security policy, build the set of attack strategies it can prevent; for each recovery policy, build the set of system functions it can recover;
(3) Build the potential security policy set from the attack strategy sets, the potential recovery policy set from the recovery function sets, and the system's potential defense strategy set from those two sets;
(4) Mark evidence in the Bayesian network by setting node states to 1 or 0; obtain the probability $p(n)$ of each asset node in the current Bayesian network by clique tree (junction tree) propagation;
obtain the current risk value of the process control system from $p(n)$; obtain the attack-defense payoff matrix from the current risk values;
(5) Set up a system of linear equations from the attacker's mixed strategy, the process control system's mixed strategy and the attack-defense payoff matrix; solve the system to obtain the optimal strategy of the process control system.
Preferably, step (1) of the method comprises the following sub-steps:
(1.1) Enumerate attack scenarios from the security vulnerabilities of the process control system and decompose the combined attacks in each scenario into atomic attacks; the events corresponding to the atomic attacks of all scenarios form the attack event set $l_A$;
all system functions of the process control system form the functional failure set $l_F$;
the safety events of the process control system form the security event set $l_E$;
the assets of the process control system form the asset loss set $l_Z$;
merge the four sets into the Bayesian network node set $l = l_A \cup l_F \cup l_E \cup l_Z$.
An element $a \in l_A$ means that an attacker attacks the system with attack means $a$; an element $f \in l_F$ means that system function $f$ has failed; an element $e \in l_E$ means that security event $e$ has occurred; an element $z \in l_Z$ means that system asset $z$ has been damaged.
Each node $n \in l$ has two states, "occurred" and "not occurred", represented by 1 and 0 respectively.
(1.2) For each node $n \in l$, traverse every element $m \in l \setminus \{n\}$ and add $m$ to the parent set $n^*$ of $n$ if the occurrence of $m$ can cause $n$ to occur.
(1.3) For each node $n \in l$ with parent set $n^* = \{n_1, n_2, \ldots, n_k\}$, $k$ being the number of parents of $n$, establish the conditional probability table $p = (p_0, p_1, \ldots, p_{2^k-1})$ of $n$, where $p_i$ is the probability that $n$ occurs when its parents are in the $i$-th joint state.
Since each parent is in state 1 or 0, the parents of $n$ have $2^k$ joint states; in the $i$-th joint state the state of parent $n_j$ is obtained from $i$ by a rounding-down rule, where $\lfloor x \rfloor$ denotes the largest integer not greater than $x$ (table 5 below shows the resulting layout for two parents).
(1.4) Establish the Bayesian network from the node set $l$, the parent set $n^*$ of each node $n \in l$ and the conditional probability table $p$ of each node.
(1.5) Evaluate the value $v(n)$ of each asset node $n \in l_Z$.
Preferably, step (2) of the method comprises the following sub-steps:
(2.1) Enumerate all information security defense strategies $D = S \cup R$ of the process control system,
where $S$ is the set of security policies, which prevent an intrusion attack from progressing further, and $R$ is the set of recovery policies, which restore system functions that have failed because of an intrusion attack.
(2.2) For each security policy $s \in S$, determine the attack strategies it can prevent and collect them into the attack strategy set $A_s$ of $s$;
determine the system functions whose failure the implementation of $s$ causes and collect them into the failure function set $F_s$ of $s$.
(2.3) For each recovery policy $r \in R$, determine the system functions it can recover and collect them into the recovery function set $F_r$ of $r$.
Preferably, step (3) of the method comprises the following sub-steps:
(3.1) Perform real-time intrusion detection on the process control system; when an attacker is detected implementing attack strategy $a$, add $a$ to the evidence set $E$ of the Bayesian network.
Perform real-time anomaly detection on the process control system; when system function $f$ is detected to have failed or security event $e$ to have occurred, add $f$ or $e$ to the evidence set $E$. The result is the initial evidence set $E_0$.
Obtain the probability $p(n)$ of each asset node $n \in l_Z$ of the current Bayesian network by clique tree propagation, and obtain the current risk value of the process control system from $p(n)$.
(3.2) Traverse all attack strategies $a \in E$ in the evidence set and build the potential attack strategy set $A'$ from all child nodes of those attack strategies.
(3.3) For each attack strategy $a \in A'$, traverse all security policies $s \in S$; if $a \in A_s$, add $s$ to the potential security policy set $S'$.
(3.4) Detect anomalies of the process control system and build the failed function set $F$ from all failed functions;
for each system function $f \in F$, traverse all recovery policies $r \in R$; if $f \in F_r$, add $r$ to the potential recovery policy set $R'$.
(3.5) Build the system's potential defense strategy set $D' = S' \cup R'$ from the potential security policy set $S'$ and the potential recovery policy set $R'$.
Preferably, step (4) of the method comprises the following sub-steps:
(4.1) Pair the $i$-th potential attack strategy $a_i$ with the $j$-th potential defense strategy $d_j$ to form the attack-defense combination $(a_i, d_j)$; all combinations form the attack-defense combination set $AD$.
(4.2) Restore the evidence set of the Bayesian network to the initial evidence set $E_0$; take a combination $(a_i, d_j)$ out of $AD$ and set the state of node $a_i$ to 1, marking it as evidence in the Bayesian network; a state of 1 for attack strategy $a_i$ means that it has occurred.
(4.3) If the defense strategy $d_j$ is a recovery policy, denote it $r_j$; if its recovery function set $F_{r_j}$ contains a system function $f$ that is currently failed, set the state of $f$ to 0 and mark it as evidence in the Bayesian network; a state of 0 for system function $f$ means that the failure has not occurred.
(4.4) If the defense strategy $d_j$ is a security policy, denote it $s_j$; for each attack strategy $a$ in its attack strategy set $A_{s_j}$, modify the conditional probability tables of all child nodes of $a$:
take the conditional probability table of each child node of $a$, where the child has $z$ parents including $a$;
when $a$ is the $h$-th parent of the child, set $p_\alpha = p_{\alpha'}$ for every pair of indices
$\alpha = (b_1 b_2 \ldots b_{h-1}\,1\,b_{h+1} \ldots b_z)_2$, $\alpha' = (b_1 b_2 \ldots b_{h-1}\,0\,b_{h+1} \ldots b_z)_2$, $b_i \in \{0, 1\}$, so that the child no longer depends on whether $a$ occurred;
for each system function in the failure function set $F_{s_j}$ of $s_j$, set its state to 1 and mark it as evidence in the Bayesian network; a state of 1 for a system function means that it has failed.
(4.5) Obtain the probability $p(n)$ of each asset node $n \in l_Z$ of the current Bayesian network by clique tree propagation;
obtain the current risk value of the process control system from $p(n)$.
(4.6) If the attack-defense combination set $AD$ is empty, go to step (4.7); otherwise go to step (4.2).
(4.7) Obtain the attack-defense payoff matrix from the current risk values of the process control system, each matrix element being defined from the risk value obtained for the corresponding combination $(a_i, d_j)$.
Preferably, step (5) of the method comprises: solve the system of linear equations formed from the attacker's mixed strategy, the process control system's mixed strategy and the attack-defense payoff matrix; its solution $\beta^*$ is the optimal strategy of the process control system;
where $\alpha = (\alpha_1, \alpha_2, \ldots, \alpha_x)$, $\alpha_i \in [0, 1]$, is the attacker's mixed strategy, and $\beta = (\beta_1, \beta_2, \ldots, \beta_y)$, $\beta_i \in [0, 1]$, is the mixed strategy of the process control system.
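The solve of step (5), as an added example that is not part of the patent. The page does not show the equation system itself, so what is implemented here is an assumption: the standard indifference system of a zero-sum matrix game, with a payoff matrix $M$ that has one row per potential attack strategy in $A'$ and one column per potential defense strategy in $D'$, the attacker maximising and the process control system minimising. On a full support the indifference equations are exactly the linear system that $\alpha$, $\beta$ and $M$ define; the block solves that system on every pair of equal-size supports and keeps the solution that no pure deviation improves on, so a dominated attack strategy receives probability 0 instead of a negative value (the plain full-support system would fail there). The 3 x 2 matrix and the names `solve_game`, `indifference` and `solve_linear` are constructed for the example.

```python
# Added example, not the patent's own code: step (5) on a zero-sum game whose
# payoff matrix M has one row per potential attack in A' and one column per
# potential defense in D'; the attacker maximises, the process control system
# minimises (an assumption, as the page leaves the matrix entries unstated).
# The full-support indifference system is the page's linear equation set; this
# block solves it on every pair of equal-size supports and keeps the solution
# no pure deviation improves on, so dominated strategies get probability 0.
from itertools import combinations


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting; None if singular."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[piv][c]) < 1e-12:
            return None
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]


def indifference(sub):
    """Solve sum_j sub[i][j] w_j = v for every row i and sum_j w_j = 1 on a
    k x k block: the mixed strategy w that makes the opponent indifferent."""
    k = len(sub)
    a = [row[:] + [-1.0] for row in sub] + [[1.0] * k + [0.0]]
    x = solve_linear(a, [0.0] * k + [1.0])
    return None if x is None else (x[:k], x[k])


def solve_game(M, eps=1e-9):
    """Return (alpha*, beta*, v): the attacker's and the defender's optimal
    mixed strategies over the rows and columns of M, and the game value v."""
    x, y = len(M), len(M[0])
    for k in range(1, min(x, y) + 1):
        for rows in combinations(range(x), k):
            for cols in combinations(range(y), k):
                sub = [[M[i][j] for j in cols] for i in rows]
                d = indifference(sub)                           # beta on cols
                t = indifference([list(c) for c in zip(*sub)])  # alpha on rows
                if d is None or t is None:
                    continue
                (beta_s, v), (alpha_s, v2) = d, t
                if min(beta_s) < -eps or min(alpha_s) < -eps or abs(v - v2) > 1e-6:
                    continue
                beta, alpha = [0.0] * y, [0.0] * x
                for j, bj in zip(cols, beta_s):
                    beta[j] = max(bj, 0.0)
                for i, ai in zip(rows, alpha_s):
                    alpha[i] = max(ai, 0.0)
                # equilibrium check: no pure strategy outside the support does better
                row_val = [sum(M[i][j] * beta[j] for j in range(y)) for i in range(x)]
                col_val = [sum(alpha[i] * M[i][j] for i in range(x)) for j in range(y)]
                if max(row_val) <= v + eps and min(col_val) >= v - eps:
                    return alpha, beta, v
    raise ValueError("degenerate game: no equal-size-support equilibrium")


if __name__ == "__main__":
    # Constructed 3 x 2 risk-change matrix: attacks a4, a5, a6 against defenses
    # s4, s5; row a6 is dominated by a4 and must end up with alpha = 0.
    alpha, beta, value = solve_game([[3.0, 1.0], [1.0, 2.0], [2.0, 1.0]])
    print("alpha* =", alpha, "beta* =", beta, "v =", value)
```

For the sample matrix the defender plays $\beta^* = (1/3, 2/3)$, the attacker $\alpha^* = (1/3, 2/3, 0)$ and the value is $5/3$; with a matrix built from step (4.7) the same call yields the mixed policy the process control system should randomise over, which is what removes the fixed, learnable response the background section criticises.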
In general, compared with the prior art, the technical solution of the invention achieves the following beneficial effects:
(1) The method performs real-time intrusion detection and anomaly detection on the process control system, then screens the attack-defense combinations and quantifies cost and benefit according to the attacker's behaviour and the system state, and finally obtains the system's optimal security policy; it is therefore a dynamic information security policy decision method. It considers the various consequences of each attack and defense strategy and uses the Bayesian network to express all of them uniformly as a change in system risk, so that strategies are quantified on a single scale. This solves the problem of conventional dynamic decision methods, which cannot compare defense strategies for lack of a uniform quantification of consequences and may therefore over-respond.
(2) Attack-defense game theory is introduced into the computation of the optimal security policy. Both the potential and the actual behaviour of the attacker and of the system are considered, and the security policy is optimised according to the cost and benefit of the attack and defense strategies, which makes the response mode of the dynamic decision method flexible and removes the fixed, easily exploited response of conventional mapping-based dynamic decision methods.
(3) Potential attack and defense strategies are screened with the Bayesian network and the attack-defense strategy model. Since the number of attack-defense combinations is the product of the number of attack strategies and the number of defense strategies, screening both greatly reduces the number of combinations, shortens the time needed to quantify the cost and benefit of the strategies and improves the real-time performance of dynamic decision.
Drawings
FIG. 1 is a flow diagram of a method for dynamic information security decision of a process control system according to an embodiment;
FIG. 2 is a schematic diagram of a network architecture of an exemplary process control system in an embodiment;
FIG. 3 is a Bayesian network schematic of a process control system in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The flow of the dynamic information security decision method for a process control system provided by the embodiment is shown in fig. 1; it comprises an offline process and an online process, with the following steps:
(1) analyze the process control system and establish the Bayesian network;
(2) establish the defense strategy model;
(3) screen the potential attack strategy set and the potential defense strategy set;
(4) quantify the attack-defense payoff matrix;
(5) obtain the optimal security strategy.
The information security dynamic decision method of the embodiment is described in detail below with reference to the typical process control system structure shown in fig. 2.
This architecture comprises a supervisory layer, a control layer and a physical layer. The supervisory layer has a data server and a Web server and is connected to the external network through a security gateway; the control layer has a data server and an engineer station and is connected to the supervisory layer through a security gateway; the physical layer is a reaction kettle with two feed inlets controlled by PLC1 and PLC4, a pressure reducing valve and a discharge port controlled by PLC4, a heater controlled by PLC2, and pressure, temperature and liquid level sensors handled by PLC3. Dynamic security policy decision for this typical process control system proceeds in the following steps:
Step 1: analyze the process control system and establish the Bayesian network, in the following sub-steps:
Step 1.1: enumerate attack scenarios from the security vulnerabilities of the process control system and decompose the combined attacks in each scenario into atomic attacks; add the event corresponding to each atomic attack of every scenario to the attack event set $l_A$, where an element $a \in l_A$ means that an attacker attacks the system with attack means $a$. In the embodiment the attack event set is shown in table 1:
TABLE 1 Attack event set
Symbol | Description
a1 | Overflow attack on data server 1
a2 | Overflow attack on the Web server
a3 | Overflow attack on data server 2
a4 | Overflow attack on the engineer station
a5 | DoS attack on PLC1
a6 | DoS attack on PLC2
a7 | DoS attack on PLC3
a8 | DoS attack on PLC4
Add all system functions of the process control system to the functional failure set $l_F$, where an element $f \in l_F$ means that system function $f$ has failed. In the embodiment the functional failure set is shown in table 2.
TABLE 2 Functional failure set
Symbol | Description
f1 | Feed valve 1 flow control
f2 | Feed valve 2 flow control
f3 | Discharge valve flow control
f4 | Pressure control
f5 | Liquid level control
f6 | Temperature control
Add all safety events of the process control system to the security event set $l_E$, where an element $e \in l_E$ means that security event $e$ has occurred. In the embodiment the security event set is shown in table 3.
TABLE 3 Security event set
Symbol | Description
e1 | Excessive pressure
e2 | Excessive temperature
e3 | Excessive liquid level
e4 | Explosion of the reaction kettle
Add all system assets of the process control system to the asset loss set $l_Z$, where an element $z \in l_Z$ means that system asset $z$ has been damaged. In the embodiment the asset loss set is shown in table 4.
TABLE 4 Asset loss set
Symbol | Description
z1 | Product
z2 | Reaction kettle
z3 | Personnel
Merge the attack event set $l_A$, the functional failure set $l_F$, the security event set $l_E$ and the asset loss set $l_Z$ into the Bayesian network node set $l = l_A \cup l_F \cup l_E \cup l_Z$. Each node $n \in l$ has two states, "occurred" and "not occurred", represented by 1 and 0 respectively.
Step 1.2: for each node $n \in l$, traverse every element $m \in l \setminus \{n\}$ and add $m$ to the parent set $n^*$ of $n$ if the occurrence of $m$ can cause $n$ to occur. Taking $f_4$ as an example: a DoS attack on PLC3 or on PLC4 can cause the pressure control function $f_4$ to fail, so the parent set of $f_4$ is $\{a_7, a_8\}$.
Step 1.3: each node $n \in l$ has the parent set $n^* = \{n_1, n_2, \ldots, n_k\}$, where $k$ is the number of parents of $n$.
Each parent is in state 1 (occurred) or 0 (not occurred), so the parents of $n$ have $2^k$ joint states; in the $i$-th joint state the state of parent $n_j$ is obtained from $i$ by a rounding-down rule, where $\lfloor x \rfloor$ denotes the largest integer not greater than $x$. For each node $n \in l$, establish its conditional probability table $p = (p_0, p_1, \ldots, p_{2^k-1})$ from expert experience or historical data, $p_i$ being the probability that $n$ occurs when its parents are in the $i$-th joint state. Taking $a_5$ as an example: $a_5$ has two parents, which have 4 joint states, and its conditional probability table is shown in table 5:
TABLE 5 Conditional probability table of $a_5$
$a_3$ | 0 | 0 | 1 | 1
$a_4$ | 0 | 1 | 0 | 1
$a_5 = 1$ | $p_0$ | $p_1$ | $p_2$ | $p_3$
$a_5 = 0$ | $1 - p_0$ | $1 - p_1$ | $1 - p_2$ | $1 - p_3$
Step 1.4: establish the Bayesian network from the parent set $n^*$ of each node $n \in l$ and the conditional probability table $p$ of each node; the Bayesian network built in the embodiment is shown in fig. 3.
Step 1.5: evaluate the value $v(n)$ of each asset node $n \in l_Z$ of the Bayesian network node set $l$.
Step 2: establish the defense strategy model, as follows:
Step 2.1: enumerate all information security defense strategies $D$ of the process control system. There are two kinds: security policies $S$, which aim to prevent an intrusion attack from progressing further, and recovery policies $R$, which aim to recover system functions that have failed because of an intrusion attack; thus $D = S \cup R$.
Step 2.2: for each security policy $s \in S$, analyze the attack strategies it can prevent and collect them into the attack strategy set $A_s$ of $s$; analyze the system function failures that implementing $s$ causes and collect them into the failure function set $F_s$ of $s$.
Step 2.3: for each recovery policy $r \in R$, analyze the system functions it can recover and collect them into the recovery function set $F_r$ of $r$. In the embodiment the defense strategies are shown in table 6:
TABLE 6 Defense strategies
Step 3: screen the potential attack strategy set $A'$ and the potential defense strategy set $D'$, as follows:
Step 3.1: perform intrusion detection on the process control system with a real-time intrusion detection system; if an attacker is detected implementing attack strategy $a$, add $a$ to the evidence set $E$ of the Bayesian network. Perform anomaly detection on the process control system with a real-time anomaly detection system; if system function $f$ is detected to have failed or security event $e$ to have occurred, add $f$ or $e$ to the evidence set $E$. The evidence set at this point is called the initial evidence set $E_0$. Compute the probability $p(n)$ of each asset node $n \in l_Z$ of the current Bayesian network by clique tree propagation, and from it the current risk value of the process control system. Here it is assumed that the current attack evidence is $E = \{a_1, a_3\}$.
Step 3.2: traverse all attack strategies $a \in E$ in the evidence set and add all their child nodes to the potential attack strategy set $A'$; here $A' = \{a_4, a_5, a_6, a_7, a_8\}$.
Step 3.3: for each attack strategy $a \in A'$, traverse all security policies $s \in S$; if $a \in A_s$, add $s$ to the potential security policy set $S'$; here $S' = \{s_4, s_5, s_6, s_7, s_8\}$.
Step 3.4: detect anomalies of the process control system with the anomaly detection system and add all failed functions to the failed function set $F$; for each system function $f \in F$, traverse all recovery policies $r \in R$; if $f \in F_r$, add $r$ to the potential recovery policy set $R'$. At this point $R'$ is empty, since the evidence set contains only attack events.
Step 3.5: obtain the system's potential defense strategy set $D' = S' \cup R' = \{s_4, s_5, s_6, s_7, s_8\}$.
Step 4: quantify the attack and defense payoff matrix. The specific process is as follows:
Step 4.1: at this time the potential attack strategy set is A' = {a4, a5, a6, a7, a8} and the potential defense strategy set of the system is D' = {s4, s5, s6, s7, s8}. Traverse all attack and defense strategy combinations: the i-th potential attack strategy ai and the j-th potential defense strategy dj form the attack and defense strategy combination (ai, dj), and all such combinations form the attack and defense strategy combination set AD = {(ai, sj) | i, j ∈ {4, 5, 6, 7, 8}}.
Step 4.2: take an attack and defense strategy combination (a4, s4) out of the set AD. First restore the evidence set of the Bayesian network to the initial evidence set E0. Then set the state of the potential attack strategy node ai to 1 (occurred) and mark it as evidence in the evidence set E of the Bayesian network. The evidence set at this time is E = {a1, a3, a4}.
Step 4.3: for each defense strategy dj, if dj is a recovery strategy, denote it by rj. If the recovery function set Fr_j of rj contains a system function f that has failed, set the state of the system function f to 0 (not occurred) and mark it as evidence in the evidence set E of the Bayesian network. Since the attack and defense strategy combination (a4, s4) contains no recovery strategy, the evidence set at this time is still E = {a1, a3, a4}.
Step 4.4: for the defense strategy s4, its corresponding attack strategy set As4 contains a4, whose child nodes are a5, a6, a7 and a8; taking a5 as the example, its conditional probability table is modified as follows. Attack node a5 has two parent nodes, a3 and a4, and its conditional probability table, shown in Table 5, is p = (p0, p1, p2, p3). The modified conditional probability table is p' = (p0, p0, p2, p2). The failure function set Fs4 corresponding to the defense strategy s4 contains no system functions, so the evidence set does not have to be modified.
Step 4.5: use the clique tree propagation method to compute the probability p(n) of each asset node n ∈ lZ in the current Bayesian network, then compute the current risk value of the process control system for this combination.
Step 4.6: if the attack and defense strategy combination set AD is empty, go to step 4.7; otherwise, go back to step 4.2.
Step 4.7: from the risk values computed for all combinations, obtain the attack and defense payoff matrix shown in formula (1).
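The numbers above are given without the network that produced them, so here is an added example, written for this page and not taken from the patent, that runs steps 3 and 4 (and the matching claims 4 and 5) end to end on a constructed six-node network: two attack events a2 and a3 below a detected attack a1, two function failures f1 and f2, one asset z1 valued at 100, two security strategies s1 and s2 that block a2 and a3 respectively, and one recovery strategy r1. All node names, tables, values and strategies are constructed for illustration. Two things are assumptions rather than the patent's own choices: the parent-state bit ordering of the conditional probability table (chosen so that blocking the second of two parents turns (p0, p1, p2, p3) into (p0, p0, p2, p2), as in step 4.4), and the risk formula Σ p(n)·v(n) over asset nodes, which the page names but does not write out. Inference is by exhaustive enumeration instead of clique tree propagation; on a network this size the marginals are identical.

```python
"""Added example (not the patent's code): steps 1-4 on a constructed toy network.
Exact inference is done by enumeration instead of clique tree propagation; on a
network this small the marginals are identical."""
from itertools import product

# node -> (parent tuple, CPT).  CPT index i encodes the joint parent state: parent
# n_j (1-based, k parents) is in state (i >> (k - j)) & 1, i.e. the last parent is
# the least significant bit.  Assumed ordering, chosen to match the page's example
# where blocking the second parent a4 of a5 turns (p0, p1, p2, p3) into (p0, p0, p2, p2).
NETWORK = {                                    # constructed sample network
    "a1": ((), (0.2,)),                        # attack events
    "a2": (("a1",), (0.0, 0.6)),
    "a3": (("a1",), (0.0, 0.5)),
    "f1": (("a2",), (0.0, 0.8)),               # function failures
    "f2": (("a3",), (0.0, 0.8)),
    "z1": (("f1", "f2"), (0.0, 0.5, 0.5, 1.0)),  # asset loss
}
ASSET_VALUE = {"z1": 100.0}                    # v(n) for asset nodes
SECURITY = {"s1": ({"a2"}, set()), "s2": ({"a3"}, set())}  # s -> (A_s, F_s)
RECOVERY = {"r1": {"f1"}}                      # r -> F_r

def parent_state(i, k, j):
    """State of parent n_j (1-based) of k parents in joint parent state i."""
    return (i >> (k - j)) & 1

def joint_index(states):
    """Inverse of parent_state: joint index from parent states, first parent = MSB."""
    i = 0
    for s in states:
        i = (i << 1) | s
    return i

def marginals(network, evidence):
    """P(n = 1 | evidence) for every node, by enumerating all 2^|l| worlds."""
    nodes = list(network)
    total, acc = 0.0, {n: 0.0 for n in nodes}
    for world in product((0, 1), repeat=len(nodes)):
        w = dict(zip(nodes, world))
        if any(w[n] != v for n, v in evidence.items()):
            continue
        pr = 1.0
        for n, (parents, cpt) in network.items():
            p1 = cpt[joint_index(tuple(w[p] for p in parents))]
            pr *= p1 if w[n] else 1.0 - p1
        total += pr
        for n in nodes:
            acc[n] += pr if w[n] else 0.0
    if total == 0.0:   # e.g. a hard-zero CPT entry contradicting an observed failure
        raise ValueError("evidence has zero probability under this network")
    return {n: acc[n] / total for n in nodes}

def risk(network, evidence, values):
    """Risk = sum over asset nodes of p(n) * v(n).  Assumed formula; the page omits it."""
    m = marginals(network, evidence)
    return sum(m[n] * v for n, v in values.items())

def block_attack(network, a):
    """Claim (4.4): for each child c of a with a as h-th of z parents, set
    p_alpha = p_alpha' where alpha has bit h = 1 and alpha' has bit h = 0."""
    net = dict(network)
    for c, (parents, cpt) in network.items():
        if a in parents:
            z, h = len(parents), parents.index(a) + 1
            new = [cpt[i ^ (1 << (z - h))] if parent_state(i, z, h) else cpt[i]
                   for i in range(len(cpt))]
            net[c] = (parents, tuple(new))
    return net

def potential_sets(network, evidence, security, recovery):
    """Steps 3.2-3.5: A' = attack children of detected attacks; D' = S' + R'.
    Node kinds are taken from the name prefix (a/f/z), a convention of this example."""
    attacks = {n for n, v in evidence.items() if n.startswith("a") and v == 1}
    failed = {n for n, v in evidence.items() if n.startswith("f") and v == 1}
    a_pot = sorted(c for c, (parents, _) in network.items()
                   if c.startswith("a") and set(parents) & attacks)
    s_pot = sorted(s for s, (a_s, _) in security.items() if a_s & set(a_pot))
    r_pot = sorted(r for r, f_r in recovery.items() if f_r & failed)
    return a_pot, s_pot + r_pot

def payoff_matrix(network, e0, values, security, recovery):
    """Step 4: risk value of every combination (a_i, d_j) in A' x D'."""
    a_pot, d_pot = potential_sets(network, e0, security, recovery)
    matrix = []
    for a in a_pot:
        row = []
        for d in d_pot:
            net, ev = network, dict(e0)         # 4.2: restore E0 ...
            ev[a] = 1                            # ... and mark a_i as occurred
            if d in recovery:                    # 4.3: recovered failures -> 0
                for f in recovery[d]:
                    if ev.get(f) == 1:
                        ev[f] = 0
            else:                                # 4.4: block A_s, fail F_s
                a_s, f_s = security[d]
                for blocked in a_s:
                    net = block_attack(net, blocked)
                for f in f_s:
                    ev[f] = 1
            row.append(round(risk(net, ev, values), 6))  # 4.5
        matrix.append(row)
    return a_pot, d_pot, matrix

if __name__ == "__main__":
    E0 = {"a1": 1}                               # constructed: IDS detected a1
    print("initial risk:", round(risk(NETWORK, E0, ASSET_VALUE), 6))
    print(payoff_matrix(NETWORK, E0, ASSET_VALUE, SECURITY, RECOVERY))
```

With the constructed evidence E0 = {a1}, the initial risk is 44 and the payoff matrix over A' = {a2, a3} and D' = {s1, s2} is [[20, 40], [40, 24]]: the cheapest answer to each attack is to block that attack's own branch. One caveat a practitioner will hit: step 4.4 only edits conditional probability tables, so a security strategy that drives a failure's probability to zero while that failure is already observed in E leaves the evidence with zero probability; marginals() raises in that case rather than returning a meaningless risk, and real tables should avoid hard zeros for observable failures.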
Step 5: select the optimal security strategy. The specific process is as follows:
Step 5.1: let the attacker's mixed strategy be α = (α1, α2, α3, α4, α5), αi ∈ [0, 1], Σ αi = 1, and let the mixed strategy of the process control system be β = (β1, β2, β3, β4, β5), βj ∈ [0, 1], Σ βj = 1.
Step 5.2: solve the linear equation system (2).
The root β* of this equation system is the computed optimal strategy of the process control system. Since the root is β* = (0.1, 0.1, 0.3, 0.1, 0.4), the optimal security strategy of the system is to execute s4, s5, s6, s7 and s8 with the probability distribution (0.1, 0.1, 0.3, 0.1, 0.4).
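For step 5.2 (and claim 6) the page gives the equation system but not the payoff function u. The following added example, not part of the patent, assumes u(α, β) = αᵀ M β with M[i][j] the risk value computed for the combination (ai, dj), substitutes the two sum constraints before differentiating (so ∂u/∂αi = 0 becomes (Mβ)i = (Mβ)x, the condition that every attack yields the same expected risk under β, and ∂u/∂βj = 0 the mirror condition on α), and solves the resulting linear systems with plain Gaussian elimination. SAMPLE_PAYOFF is a constructed 2×2 instance and the function names are this example's own.

```python
"""Added example (not the patent's code): solve the indifference system of claim 6
for a square payoff matrix.  Assumes u(alpha, beta) = alpha^T M beta, M[i][j] being
the risk value for (a_i, d_j); the page does not define u.  Pure Python, no numpy."""

def solve_linear(a, b):
    """Solve a x = b for square a by Gauss-Jordan elimination with partial pivoting."""
    n = len(a)
    m = [list(map(float, row)) + [float(bi)] for row, bi in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-12:
            raise ValueError("singular system: no unique fully mixed solution")
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                factor = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= factor * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]

def defender_strategy(payoff):
    """beta*: d u / d alpha_i = 0 for i < x, i.e. (M beta)_i = (M beta)_x, plus sum beta_j = 1."""
    x, y = len(payoff), len(payoff[0])
    if x != y:
        raise ValueError("indifference system is square only when x == y")
    rows = [[payoff[i][j] - payoff[x - 1][j] for j in range(y)] for i in range(x - 1)]
    rows.append([1.0] * y)                      # sum_j beta_j = 1
    return solve_linear(rows, [0.0] * (x - 1) + [1.0])

def attacker_strategy(payoff):
    """alpha*: d u / d beta_j = 0 for j < y, i.e. (alpha^T M)_j = (alpha^T M)_y, plus sum alpha_i = 1."""
    x, y = len(payoff), len(payoff[0])
    if x != y:
        raise ValueError("indifference system is square only when x == y")
    cols = [[payoff[i][j] - payoff[i][y - 1] for i in range(x)] for j in range(y - 1)]
    cols.append([1.0] * x)                      # sum_i alpha_i = 1
    return solve_linear(cols, [0.0] * (y - 1) + [1.0])

def is_valid_mixed(strategy, tol=1e-9):
    """A root with a component outside [0, 1] is not a usable mixed strategy."""
    return all(-tol <= p <= 1.0 + tol for p in strategy) and abs(sum(strategy) - 1.0) < tol

def game_value(payoff, alpha, beta):
    """Expected risk u(alpha, beta) = alpha^T M beta under the assumed payoff function."""
    return sum(alpha[i] * payoff[i][j] * beta[j]
               for i in range(len(alpha)) for j in range(len(beta)))

# constructed risk values for A' = {a_1, a_2} and D' = {d_1, d_2}
SAMPLE_PAYOFF = [[20.0, 40.0], [40.0, 24.0]]

if __name__ == "__main__":
    beta = defender_strategy(SAMPLE_PAYOFF)
    alpha = attacker_strategy(SAMPLE_PAYOFF)
    print("beta* =", beta, "valid:", is_valid_mixed(beta))
    print("alpha* =", alpha, "valid:", is_valid_mixed(alpha))
    print("expected risk:", game_value(SAMPLE_PAYOFF, alpha, beta))
```

The decoupled systems are square only when x = y, as in the page's 5×5 case; for x ≠ y the partial-derivative system has no unique solution and a linear program over the whole matrix is the usual fallback. Also check the root: a component outside [0, 1] means the game has no fully mixed equilibrium, so some pure strategies must be dropped before re-solving, which is_valid_mixed flags.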
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A dynamic security strategy acquisition method for a process control system based on an attack and defense game is characterized by comprising the following steps:
(1) constructing an attack event set, a functional failure set, a security event set and an asset loss set of the process control system, and merging the 4 sets to construct a Bayesian network node set; establishing a Bayesian network according to a father node set of each node in the Bayesian network node set and a conditional probability table of each node, and evaluating the value of each asset node in the Bayesian network;
(2) enumerating security strategies and recovery strategies of the process control system, constructing an attack strategy set according to the attack strategies that each security strategy can prevent, and constructing a recovery function set according to the system functions that each recovery strategy can recover;
(3) constructing a potential security policy set according to the attack policy set, and constructing a potential recovery policy set according to the recovery function set; constructing a system potential defense strategy set according to the potential security strategy set and the potential recovery strategy set;
(4) marking evidence in the Bayesian network by setting a state to 1 or 0; acquiring the probability of each asset node in the current Bayesian network by adopting a cluster tree propagation method;
acquiring a current risk value of the process control system according to the probability; acquiring an attack and defense income matrix according to the current risk value of the process control system;
(5) establishing a linear equation set according to a mixed strategy of an attacker, a mixed strategy of a process control system and an attack and defense income matrix; solving the system of linear equations to obtain an optimal strategy for the process control system.
2. The dynamic security policy acquisition method according to claim 1, wherein said step (1) comprises the sub-steps of:
(1.1) enumerating attack scenarios according to the security vulnerabilities of the process control system, and decomposing the combined attacks in the attack scenarios into atomic attacks; the events corresponding to each atomic attack in all attack scenarios form the attack event set lA;
all system functions of the process control system form the functional failure set lF;
the security events of the process control system form the security event set lE;
the assets of the process control system form the asset loss set lZ;
the attack event set lA, the functional failure set lF, the security event set lE and the asset loss set lZ are merged into the Bayesian network node set l = lA ∪ lF ∪ lE ∪ lZ;
an element a ∈ lA of the attack event set lA indicates that an attacker attacks the system using attack means a; an element f ∈ lF of the functional failure set lF indicates that system function f has failed; an element e ∈ lE of the security event set lE indicates that security event e has occurred; an element z ∈ lZ of the asset loss set lZ indicates that system asset z has been compromised;
each element n ∈ l in the Bayesian network node set has two states, "occurred" and "not occurred"; the state "occurred" is represented by 1 and the state "not occurred" by 0;
(1.2) for each element n ∈ l in the Bayesian network node set, traversing each element m ∈ l − {n} in the set l − {n}, and adding m to the parent node set n* of node n if the occurrence of m could cause n to occur;
(1.3) for each element n ∈ l in the Bayesian network node set, establishing the conditional probability table p of node n, wherein pi represents the probability that node n occurs when its parent nodes are in the i-th state;
each element n ∈ l in the Bayesian network node set has the parent node set n* = {n1, n2, …, nk}, where k is the number of parent nodes of node n;
each parent node has the states 1 and 0, so the parent nodes of node n have 2^k joint states; in the i-th joint state, the state of parent node nj is obtained from i by a rounding-down operation, where rounding down a value x means taking the largest integer not greater than x;
(1.4) establishing the Bayesian network according to the Bayesian network node set l, the parent node set n* of each node n ∈ l and the conditional probability table p of each node;
(1.5) evaluating the value v(n) of each asset node n ∈ lZ in the Bayesian network node set l.
3. The dynamic security policy acquisition method according to claim 2, wherein said step (2) comprises the sub-steps of:
(2.1) enumerating all information security defense strategies D = S ∪ R of the process control system;
wherein S is the security strategy set, used to prevent the further progress of an intrusion attack, and R is the recovery strategy set, used to recover system functions that failed because of an intrusion attack;
(2.2) determining the attack strategies that each security strategy s ∈ S can prevent, and constructing the attack strategy set As of the security strategy s from all attack strategies it can prevent;
determining the system functions that fail after each security strategy s ∈ S is implemented, and constructing the failure function set Fs of the strategy s from the failures caused by the security strategy s;
(2.3) determining the system functions that each recovery strategy r ∈ R can recover, and constructing the recovery function set Fr of the recovery strategy r from all system functions it can recover.
4. A dynamic security policy acquisition method according to claim 3, wherein said step (3) comprises the sub-steps of:
(3.1) performing real-time intrusion detection on the process control system, and adding an attack strategy a to the evidence set E of the Bayesian network when it is detected that an attacker has implemented the attack strategy a;
performing real-time anomaly detection on the process control system, and adding the system function f and the security event e to the evidence set E of the Bayesian network when it is detected that the system function f has failed or the security event e has occurred, so obtaining the initial evidence set E0;
obtaining the probability p(n) of each asset node n ∈ lZ in the current Bayesian network with the clique tree propagation method; obtaining the current risk value of the process control system according to the probability p(n);
(3.2) traversing all attack strategies a ∈ E in the evidence set E, and constructing the potential attack strategy set A' from all their child nodes;
(3.3) for each attack strategy a ∈ A' in the potential attack strategy set A', traversing all security strategies s ∈ S in the security strategy set S, and if a ∈ As, adding the security strategy s to the potential security strategy set S';
(3.4) detecting anomalies of the process control system, and constructing the failed function set F from all failed functions;
for each system function f ∈ F in the failed function set F, traversing all recovery strategies r ∈ R, and if f ∈ Fr, adding the recovery strategy r to the potential recovery strategy set R';
(3.5) constructing the system potential defense strategy set D' = S' ∪ R' from the potential security strategy set S' and the potential recovery strategy set R'.
5. The dynamic security policy acquisition method according to claim 4, wherein said step (4) comprises the sub-steps of:
(4.1) combining the i-th potential attack strategy ai and the j-th potential defense strategy dj into the attack and defense strategy combination (ai, dj); all attack and defense strategy combinations form the attack and defense strategy combination set AD;
(4.2) restoring the evidence set of the Bayesian network to the initial evidence set E0; and, for the attack and defense strategy combination (ai, dj) in the set AD, setting the state of the potential attack strategy node ai to 1 and marking it as evidence in the Bayesian network; wherein state 1 of the attack strategy node ai indicates that it has occurred;
(4.3) for each defense strategy dj, if dj is a recovery strategy, denoting it by rj; if the recovery function set Fr_j of rj contains a system function f that has failed, setting the state of the system function f to 0 and marking it as evidence in the Bayesian network; wherein state 0 of a system function indicates that it has not occurred;
(4.4) for each defense strategy dj, if dj is a security strategy, denoting it by sj; for each attack strategy a in the attack strategy set As_j of the security strategy sj, modifying the conditional probability tables of all child nodes of a;
obtaining the conditional probability table of each child node of the attack strategy a, wherein each such child node has a among its parent nodes and has z parent nodes in total;
when the attack strategy a is the h-th parent node of a child node, modifying the conditional probability table so that every pα in the table satisfies pα = pα′;
wherein α = (b1 b2 … b(h−1) 1 b(h+1) … bz)2 and α′ = (b1 b2 … b(h−1) 0 b(h+1) … bz)2 are written in binary, bi ∈ {0, 1};
for each system function f in the failure function set Fs_j of the security strategy sj, setting the state of the system function to 1 and marking it as evidence in the Bayesian network; wherein state 1 of a system function indicates failure;
(4.5) obtaining the probability p(n) of each asset node n ∈ lZ in the current Bayesian network with the clique tree propagation method;
obtaining the current risk value of the process control system according to the probability p(n);
(4.6) judging whether the attack and defense strategy combination set AD is empty; if so, entering step (4.7), otherwise entering step (4.2);
(4.7) obtaining the attack and defense payoff matrix according to the current risk values of the process control system.
6. The dynamic security policy acquisition method according to claim 5, wherein said step (5) comprises solving the following system of linear equations, whose root β* is the optimal security strategy of the process control system:
∂u(α, β)/∂αi = 0, i = 1, 2, …, x−1;
∂u(α, β)/∂βj = 0, j = 1, 2, …, y−1;
Σ_{i=1}^{x} αi = 1;
Σ_{j=1}^{y} βj = 1;
wherein α = (α1, α2, …, αx), αi ∈ [0, 1], is the mixed strategy of the attacker, and β = (β1, β2, …, βy), βj ∈ [0, 1], is the mixed strategy of the process control system.
CN201610972598.XA 2016-10-28 2016-10-28 The security strategy dynamic acquisition method of Process Control System based on attacking and defending game Active CN106453379B (en)


Publications (2)

Publication Number Publication Date
CN106453379A true CN106453379A (en) 2017-02-22
CN106453379B CN106453379B (en) 2018-10-16

Family

ID=58179841



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant