Research on Risk Assessment Technology of Industrial Control System Based on Attack Graph
| Title | Research on Risk Assessment Technology of Industrial Control System Based on Attack Graph |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Zou, Z., Wang, D., Yang, H., Hou, Y., Yang, Y., Xu, W. |
| Conference Name | 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC) |
| Date Published | oct |
| ISBN Number | 978-1-5386-4509-3 |
| Keywords | atomic attack probability assignment method, attack graph, Attack Graphs, centralized control system, Communication networks, composability, control engineering computing, control theory, Correlation, CVSS evaluation system, graph theory, Grey relational degree, industrial control, industrial control network attack graph model, industrial control systems, Metrics, network attacks, network security elements, network security risks, network state migration problems, Networked Control Systems Security, probability, production engineering computing, pubcrawl, resilience, Resiliency, risk assessment, risk assessment method, risk management, security, security of data, Servers, Silicon |
| Abstract | In order to evaluate the network security risks and implement effective defenses in industrial control system, a risk assessment method for industrial control systems based on attack graphs is proposed. Use the concept of network security elements to translate network attacks into network state migration problems and build an industrial control network attack graph model. In view of the current subjective evaluation of expert experience, the atomic attack probability assignment method and the CVSS evaluation system were introduced to evaluate the security status of the industrial control system. Finally, taking the centralized control system of the thermal power plant as the experimental background, the case analysis is performed. The experimental results show that the method can comprehensively analyze the potential safety hazards in the industrial control system and provide basis for the safety management personnel to take effective defense measures. |
| URL | https://ieeexplore.ieee.org/document/8577847 |
| DOI | 10.1109/IAEAC.2018.8577847 |
| Citation Key | zou_research_2018 |
- Resiliency
- network attacks
- network security elements
- network security risks
- network state migration problems
- probability
- production engineering computing
- pubcrawl
- resilience
- Metrics
- risk assessment
- risk assessment method
- risk management
- security
- security of data
- Servers
- Silicon
- Networked Control Systems Security
- Industrial Control Systems
- industrial control network attack graph model
- industrial control
- Grey relational degree
- graph theory
- CVSS evaluation system
- Correlation
- Control Theory
- control engineering computing
- composability
- Communication networks
- centralized control system
- attack graphs
- attack graph
- atomic attack probability assignment method