Computer Science ›› 2025, Vol. 52 ›› Issue (12): 339-350.doi: 10.11896/jsjkx.250100143

• Information Security •

Automatic Attack Path Discovery Method for Substation Remote Monitoring Network

SHI Junnan, CHEN Zemao, ZHANG Liqiang   

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
    Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, China
  • Received:2025-01-22 Revised:2025-05-03 Online:2025-12-15 Published:2025-12-09
  • About author: SHI Junnan, born in 2000, postgraduate. His main research interest is industrial control system cybersecurity.
    CHEN Zemao, born in 1975, Ph.D, professor. His main research interests include information system security, trusted computing and equipment information security.
  • Supported by:
    This work was supported by the National Key Research and Development Program of China(2022YFC3102805) and Industrial Internet Data Security Detection,Response,and Traceability System(TC220H055).

Abstract: As substations evolve from isolated systems into complex networks spanning IT and OT, the security threats they face are increasing, which makes identifying potential attack paths in remote monitoring networks crucial. This paper presents an automated attack path planning method based on the MITRE ATT&CK framework. It treats ATT&CK techniques as attack primitives and maps attack stages using the Cyber Kill Chain. A formalized threat model is constructed, and a PDDL-based method for automatic generation is proposed, transforming the attack path discovery problem into a general automated planning problem for fine-grained analysis. Experimental results show that this method reduces reliance on user expertise, generates comprehensive and practically valuable attack paths for a given network topology, and provides strong support for automated penetration testing and for building security defense systems.
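As an added illustration that is not the paper's code, the following Python sketch shows what "techniques as planning primitives" means in practice: each grounded ATT&CK technique is an operator with preconditions and effects over a set of facts, and a breadth-first forward search finds the shortest operator sequence from the initial state to the goal. The host names, links, cached credentials, exposed service and the technique-to-stage mapping are all constructed for the example; the paper's own threat model and PDDL encoding are not reproduced here. A small helper also prints one grounded operator as a PDDL `:action`, to show how such a primitive would be handed to an off-the-shelf planner.

```python
"""Attack-path discovery as classical planning (illustrative, not the paper's code).

Facts are tuples such as ("access", "ws01") or ("reach", "ws01", "jump01").
An Operator is one ATT&CK technique grounded on concrete hosts. The topology,
credential caches and exposed services below are constructed for this example.
"""
from collections import deque
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

Fact = Tuple[str, ...]


@dataclass(frozen=True)
class Operator:
    name: str                 # technique id + grounding (ids are real ATT&CK ids, mapping is illustrative)
    stage: str                # kill-chain stage the technique is assigned to (assumption)
    pre: FrozenSet[Fact]      # facts that must hold before the technique applies
    add: FrozenSet[Fact]      # facts the technique establishes


def ground_operators(links, creds, vulns) -> List[Operator]:
    """Instantiate technique templates over a concrete topology."""
    ops: List[Operator] = []
    for src, dst in links:
        if src == "internet":   # initial access: phish a user on an internet-facing host
            ops.append(Operator(f"T1566 phishing -> {dst}", "delivery",
                                frozenset({("reach", src, dst)}), frozenset({("access", dst)})))
        # lateral movement with valid credentials for the target
        ops.append(Operator(f"T1021 remote-service {src}->{dst}", "lateral-movement",
                            frozenset({("access", src), ("reach", src, dst), ("cred", dst)}),
                            frozenset({("access", dst)})))
        # exploitation of a known-exposed service on the target
        for host, svc in vulns:
            if host == dst:
                ops.append(Operator(f"T1210 exploit {svc} on {dst} from {src}", "exploitation",
                                    frozenset({("access", src), ("reach", src, dst), ("vuln", dst, svc)}),
                                    frozenset({("access", dst)})))
        # ICS impact: a host that reaches a field device can write to it
        if dst.startswith("rtu"):
            ops.append(Operator(f"T0836 modify-parameter {src}->{dst}", "impact",
                                frozenset({("access", src), ("reach", src, dst)}),
                                frozenset({("control", dst)})))
    for host, target in creds:   # credential access: dump creds cached on a compromised host
        ops.append(Operator(f"T1003 cred-dump on {host} (cred for {target})", "credential-access",
                            frozenset({("access", host)}), frozenset({("cred", target)})))
    return ops


def plan(initial: Iterable[Fact], goal: Iterable[Fact], ops: List[Operator]) -> Optional[List[str]]:
    """Breadth-first forward search; returns the shortest technique sequence or None."""
    start, target = frozenset(initial), frozenset(goal)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, path = queue.popleft()
        if target <= state:
            return path
        for op in ops:
            if op.pre <= state and not op.add <= state:   # applicable and not already achieved
                nxt = state | op.add
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [op.name]))
    return None


def to_pddl_action(op: Operator) -> str:
    """Render a grounded operator as a PDDL :action (grounded, so no parameters)."""
    lit = lambda f: "(" + " ".join(f) + ")"
    name = op.name.replace(" ", "_").replace("->", "_to_").replace("(", "").replace(")", "")
    return (f"(:action {name}\n  :parameters ()\n"
            f"  :precondition (and {' '.join(lit(f) for f in sorted(op.pre))})\n"
            f"  :effect (and {' '.join(lit(f) for f in sorted(op.add))}))")


# Constructed scenario: corporate workstation -> jump host -> HMI -> RTU
LINKS = [("internet", "ws01"), ("ws01", "jump01"), ("jump01", "hmi01"), ("hmi01", "rtu01")]
CREDS = [("ws01", "jump01")]        # jump-host credentials cached on the workstation (assumption)
VULNS = [("hmi01", "vnc")]          # unauthenticated VNC exposed on the HMI (assumption)
INITIAL = {("reach", a, b) for a, b in LINKS} | {("vuln", h, s) for h, s in VULNS}
GOAL = {("control", "rtu01")}


def substation_path() -> Optional[List[str]]:
    return plan(INITIAL, GOAL, ground_operators(LINKS, CREDS, VULNS))


def hardened_path() -> Optional[List[str]]:
    """Same topology with the HMI exposure removed: the planner should find no path."""
    return plan(INITIAL - {("vuln", "hmi01", "vnc")}, GOAL, ground_operators(LINKS, CREDS, []))


if __name__ == "__main__":
    for step in substation_path() or ["<no path>"]:
        print(step)
    print("after hardening:", hardened_path())
    print(to_pddl_action(ground_operators(LINKS, CREDS, VULNS)[0]))
```

The found sequence runs phishing, credential dumping, lateral movement to the jump host, exploitation of the exposed HMI service and finally a parameter write on the RTU; removing the single HMI exposure leaves no plan, which is the kind of "what does this control actually cut off" question such a planner answers for a given topology. A real planner (as the paper proposes with PDDL) replaces this BFS with heuristic search over a lifted domain, but the operator structure is the same.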

Key words: Substation remote monitoring network, Automated attack path discovery, Threat modeling, Planning domain definition language, MITRE ATT&CK framework

CLC Number: TP393