Computer Science, 2018, Vol. 45, Issue 11: 143-148. doi: 10.11896/j.issn.1002-137X.2018.11.021

• Information Security •

Penetration Testing Method for Cyber-Physical System Based on Attack Graph

XU Bing-feng (1), HE Gao-feng (2)

1. College of Information Science and Technology, Nanjing Forestry University, Nanjing 210037, China
2. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
Received: 2017-09-20; Published: 2019-02-25

Abstract: As a typical security-critical system, a cyber-physical system (CPS) is a high-value target for network attack, so its security protection needs to be assessed effectively. To this end, a penetration testing method for CPS based on attack graphs is proposed. First, the traditional attack graph is extended into a new attack graph for CPS (AGC). Specifically, AGC models physical attacks, the duration of each attack and the continuous variable values of the physical system. In addition, an attack feasibility parameter is added to represent the success rate of each single-step attack. Second, optimal attack path selection strategies are defined on AGC, including minimum attack cost and shortest attack time. Furthermore, an intelligent penetration testing algorithm is designed to carry out automated penetration. Finally, the effectiveness of the proposed method is verified by a case study. The results show that the method can select the optimal attack path to the target, intelligently adjust subsequent attack steps according to feedback, and assess the security of a CPS effectively.
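The path selection and feedback-driven re-planning that the abstract describes, shown as an added illustration that is not the paper's AGC model or code: a constructed toy CPS attack graph whose single-step attacks carry a cost, a duration and a feasibility (success probability), a Dijkstra search under three criteria (minimum cost, shortest time, maximum feasibility, the last taken as the product of per-step probabilities and turned into a sum of -log p), and a penetration loop that blocks a failed step and re-plans from the current foothold. All node names, step names and numeric values below are assumptions chosen for the example.

```python
"""Added example: attack-graph path selection with feedback-driven re-planning.
Not the paper's AGC model or algorithm; a simplified, constructed illustration."""
import heapq
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    src: str
    dst: str
    name: str
    cost: float         # attacker effort, arbitrary units (assumed)
    duration: float     # hours (assumed)
    feasibility: float  # single-step success probability in (0, 1] (assumed)


# Constructed toy CPS: corporate host, HMI, PLC and a physical actuator.
# The last edge is a purely physical attack that bypasses the network.
STEPS = [
    Step("internet", "corp_host", "phish_workstation", 2, 8, 0.6),
    Step("corp_host", "hmi", "pivot_to_hmi", 3, 4, 0.7),
    Step("internet", "hmi", "exposed_hmi_service", 6, 1, 0.3),
    Step("hmi", "plc", "write_setpoint", 1, 0.5, 0.9),
    Step("corp_host", "plc", "direct_plc_protocol", 5, 2, 0.5),
    Step("plc", "valve_open", "drive_actuator", 1, 0.1, 0.95),
    Step("internet", "valve_open", "physical_intrusion", 10, 48, 0.8),
]

# Path weight per criterion. Maximising the product of feasibilities is the
# same as minimising the sum of -log(p), which keeps Dijkstra applicable.
WEIGHTS = {
    "min_cost": lambda s: s.cost,
    "min_time": lambda s: s.duration,
    "max_feasibility": lambda s: -math.log(s.feasibility),
}


def build_graph(steps):
    graph = {}
    for s in steps:
        graph.setdefault(s.src, []).append(s)
        graph.setdefault(s.dst, [])
    return graph


GRAPH = build_graph(STEPS)


def best_path(graph, start, target, criterion, blocked=frozenset()):
    """Dijkstra over attack steps. Returns (list of Step, total weight),
    or (None, inf) when no unblocked route to the target exists."""
    weight = WEIGHTS[criterion]
    dist, prev, seen = {start: 0.0}, {}, set()
    heap = [(0.0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in seen:
            continue
        seen.add(node)
        if node == target:
            break
        for step in graph.get(node, []):
            if step.name in blocked:
                continue
            nd = d + weight(step)
            if nd < dist.get(step.dst, math.inf):
                dist[step.dst], prev[step.dst] = nd, step
                heapq.heappush(heap, (nd, step.dst))
    if target not in dist:
        return None, math.inf
    path, node = [], target
    while node != start:
        path.append(prev[node])
        node = prev[node].src
    return path[::-1], dist[target]


def path_feasibility(path):
    """Success probability of a whole path, assuming independent steps."""
    p = 1.0
    for s in path:
        p *= s.feasibility
    return p


def penetrate(graph, start, target, criterion, outcome, max_replans=10):
    """Execute the plan step by step; outcome(step) reports success.
    A failed step is blocked and the route is re-planned from the
    current foothold, i.e. later steps adapt to feedback."""
    blocked, current, log = set(), start, []
    for _ in range(max_replans):
        path, _ = best_path(graph, current, target, criterion, frozenset(blocked))
        if path is None:
            return False, log
        for step in path:
            if outcome(step):
                log.append((step.name, "ok"))
                current = step.dst
                if current == target:
                    return True, log
            else:
                log.append((step.name, "failed"))
                blocked.add(step.name)
                break
    return False, log


if __name__ == "__main__":
    for crit in WEIGHTS:
        p, w = best_path(GRAPH, "internet", "valve_open", crit)
        print(crit, [s.name for s in p], round(w, 3), round(path_feasibility(p), 3))
    print(penetrate(GRAPH, "internet", "valve_open", "min_cost",
                    lambda s: s.name != "pivot_to_hmi"))
```

Under these constructed numbers the three criteria pick three different routes: the cheapest path goes through the phished workstation and the HMI, the fastest abuses the exposed HMI service, and the most feasible one is the purely physical intrusion, which is the kind of path a network-only attack graph would never consider. When the simulated pivot to the HMI fails, the loop blocks that step and re-plans from the compromised workstation over the direct PLC protocol instead of restarting from scratch.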

Key words: Attack graph, Cyber-physical system, Optimal attack path, Security assessment

CLC Number: TP393