Computer Science ›› 2024, Vol. 51 ›› Issue (11A): 240200052-11. doi: 10.11896/jsjkx.240200052
GU Zhaojun1, YANG Wen1,2, SUI He1,3, LI Zhiping1
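Abstract: As air traffic management (ATM) information systems become more intelligent and open, their risk exposure surface is gradually expanding. Threat assessment is an important means of effectively evaluating the vulnerability and security risk of ATM information systems, but most previous threat assessment models have two limitations. First, they usually consider only the explicit associations among threat information, so potential attack paths are overlooked or not analyzed accurately. Second, the factors considered when quantifying threats are coarse and disconnected from the actual system environment, so the assessed threat severity does not match reality. To address this, a knowledge-graph-based threat assessment model for ATM information systems is proposed. The scope of the knowledge graph ontology model is extended to key concepts such as asset security attributes, mitigation measures and compromised assets; multi-source threat data on assets, attacks, vulnerabilities and so on are fully fused to build a security knowledge graph; and logical inference rules are designed to compensate for the limited descriptive power of the knowledge graph. An attack path identification algorithm that combines inference rules with a breadth-first strategy is proposed to extract more comprehensive and accurate attack paths and attack relationships. A fine-grained threat quantification method based on the system's actual operating environment is proposed, taking into account factors such as the external exposure of assets, physical protection and network protection. Experiments show that the assessment model helps identify potential attack paths formed by the combined exploitation of multiple vulnerabilities in ATM information systems, and that prioritizing attack responses according to the threat quantification can effectively improve the efficiency of network security defense.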