Computer Science ›› 2025, Vol. 52 ›› Issue (12): 339-350. doi: 10.11896/jsjkx.250100143

• Information Security •

Automatic Attack Path Discovery Method for Substation Remote Monitoring Network

SHI Junnan, CHEN Zemao, ZHANG Liqiang

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
     Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, China
  • Received: 2025-01-22  Revised: 2025-05-03  Published: 2025-12-15  Online: 2025-12-09
  • Corresponding author: CHEN Zemao (chenzemao@whu.edu.cn)
  • About author: SHI Junnan (2018302180081@whu.edu.cn), born in 2000, postgraduate. His main research interest is industrial control system cybersecurity.
    CHEN Zemao, born in 1975, Ph.D., professor. His main research interests include information system security, trusted computing and equipment information security.
  • Supported by:
    This work was supported by the National Key Research and Development Program of China (2022YFC3102805) and the Industrial Internet Data Security Detection, Response, and Traceability System (TC220H055).

Abstract: As substations evolve from isolated systems into complex networked systems spanning IT and OT, the security threats they face grow more severe, and identifying potential attack paths against the substation remote monitoring network becomes especially important. To address this problem, this paper proposes an automated attack path planning method based on the MITRE ATT&CK framework. It treats ATT&CK techniques as attack primitives and maps them onto attack stages using the Cyber Kill Chain. On top of a formalized threat model, a method for automatically generating PDDL (Planning Domain Definition Language) descriptions is designed, which transforms the attack path discovery problem into a general automated planning problem and enables fine-grained automated analysis of attack paths. Experimental results show that the method reduces reliance on user expertise, can incorporate concrete network topology information to automatically generate comprehensive attack paths of practical value, and provides strong support for automated penetration testing and the construction of security defense systems.

Key words: Substation remote monitoring network, Automated attack path discovery, Threat modeling, Planning domain definition language, MITRE ATT&CK framework
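The pipeline sketched in the abstract in miniature, as an added example that is not the paper's code: ATT&CK-style techniques become planning actions tagged with a kill-chain stage, each is rendered as a PDDL `:action` (the automatic-generation step), and a breadth-first search stands in for a real PDDL solver over a constructed four-host topology. Host names, facts and technique labels are all assumptions made up for the illustration; the cut-set function at the end shows the defender's use of the result, namely which single initial condition removes every path.

```python
from collections import deque
from itertools import product
# Constructed topology: IT office PC -> remote-monitoring server -> HMI / IED.
HOSTS = ["office_pc", "monitor_srv", "hmi", "ied"]
INIT = frozenset({("exposed", "office_pc"), ("exposed_service", "monitor_srv"),
                  ("exposed_service", "hmi"), ("reach", "office_pc", "monitor_srv"),
                  ("reach", "monitor_srv", "hmi"), ("reach", "monitor_srv", "ied"),
                  ("reach", "hmi", "ied")})
GOAL = ("impact", "ied")
# One entry per technique: (name, kill-chain stage, params, preconditions, effects).
ACTIONS = [
    ("phish_user", "initial_access", ("h",),
     lambda h: {("exposed", h)}, lambda h: {("foothold", h)}),
    ("remote_service", "lateral_movement", ("a", "b"),
     lambda a, b: {("foothold", a), ("reach", a, b), ("exposed_service", b)},
     lambda a, b: {("foothold", b)}),
    ("unauth_command", "impact", ("h", "d"),
     lambda h, d: {("foothold", h), ("reach", h, d)}, lambda h, d: {("impact", d)}),
]

def to_pddl_action(name, stage, params, pre, eff):
    """Render one technique as a PDDL :action (the automatic-generation step)."""
    v = [f"?{p}" for p in params]
    fmt = lambda facts: " ".join("(" + " ".join(f) + ")" for f in sorted(facts))
    return (f"(:action {name}_{stage}\n  :parameters ({' '.join(v)})\n"
            f"  :precondition (and {fmt(pre(*v))})\n  :effect (and {fmt(eff(*v))}))")

def applicable(state):
    """Ground every action over HOSTS and yield (step, successor state)."""
    for name, stage, params, pre, eff in ACTIONS:
        for args in product(HOSTS, repeat=len(params)):
            if len(set(args)) == len(args) and pre(*args) <= state:
                yield (name, stage, args), state | eff(*args)

def find_attack_path(init=INIT, goal=GOAL):
    """Breadth-first planning: shortest technique sequence that reaches goal."""
    queue, seen = deque([(init, [])]), {init}
    while queue:
        state, plan = queue.popleft()
        if goal in state:
            return plan
        for step, nxt in applicable(state):
            if nxt not in seen:
                seen.add(nxt); queue.append((nxt, plan + [step]))
    return None

def single_fact_cut_set(init=INIT, goal=GOAL):
    """Defender view: initial facts whose removal alone leaves no attack path."""
    return sorted(f for f in init if find_attack_path(init - {f}, goal) is None)
```

On this topology the planner returns the three-step path office PC, monitoring server, IED, and the cut set names the office PC exposure, the monitoring server's exposed service and the IT-to-DMZ reachability as the only single facts whose removal blocks every path.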

CLC number:

  • TP393