基于攻击防御树的CPS最小防御代价计算方法

doi:10.19678/j.issn.1000-3428.0055631

计算机工程 ›› 2020, Vol. 46 ›› Issue (8): 132-138. doi: 10.19678/j.issn.1000-3428.0055631

基于攻击防御树的CPS最小防御代价计算方法

钟志成, 徐丙凤, 顾久根

南京林业大学信息科学技术学院, 南京 210037

收稿日期:2019-07-31 修回日期:2019-09-06 发布日期:2019-09-12
作者简介:钟志成(1998-),男,本科生,主研方向为CPS系统安全;徐丙凤,讲师、博士;顾久根,本科生。
基金资助:
国家自然科学基金青年科学基金（61802192，61702282）；江苏省高等学校自然科学研究项目（18KJB520024，17KJB520023）；南京林业大学校青年创新基金（CX2016026）；南京林业大学大学生创新训练计划项目（2018NFUSPITP475，2018NFUSPITP457）。

Minimum Defense Cost Calculation Method for CPS Based on Attack Defense Tree

ZHONG Zhicheng, XU Bingfeng, GU Jiugen

College of Information Science and Technology, Nanjing Forestry University, Nanjing 210037, China

Received:2019-07-31 Revised:2019-09-06 Published:2019-09-12

摘要/Abstract

摘要： 为降低信息物理融合系统（CPS）的防御代价，提高防御措施的有效性，提出一种基于攻击防御树的CPS最小防御代价计算方法，并实现相应的计算工具。通过对攻击防御树增加约束，给出原子攻击防御树的概念。对攻击防御树进行预处理，将其转换为原子攻击防御树，采用代数方法进行最小防御代价计算。基于此，在Eclipse平台上利用Java语言实现一款最小防御代价计算软件。以某电力系统的经典案例进行实验验证，结果表明，该方法可以正确且高效地计算出攻击防御树的最小防御代价。

关键词: 信息物理融合系统, 攻击防御树, 防御代价, 割集, 网络攻击

Abstract: In order to reduce the defense cost of Cyber Physical System(CPS) and improve the effectiveness of defense measures,this paper proposes a method based on Attack Defense Tree(ADTree) to calculate the minimal defense cost of CPS and implements a calculation tool.Firstly,the concept of atom attack defense tree(A2DTree) is proposed by adding constraints to ADTree.Secondly,the ADTree is transformed into an A2DTree by preprocessing,and the minimum defense cost is calculated by using an algebraic method.On this basis,a tool for minimum defense cost calculation is designed and implemented by Java on the Eclipse platform.The effectiveness of the method is verified by an experiment based on a typical case study of a power system.Results show that the proposed method can correctly and efficiently calculate the minimum defense cost of ADTree.

Key words: Cyber Physical System(CPS), Attack Defense Tree(ADTree), defense cost, cut set, network attack

中图分类号:

TP309

钟志成, 徐丙凤, 顾久根. 基于攻击防御树的CPS最小防御代价计算方法[J]. 计算机工程, 2020, 46(8): 132-138.

ZHONG Zhicheng, XU Bingfeng, GU Jiugen. Minimum Defense Cost Calculation Method for CPS Based on Attack Defense Tree[J]. Computer Engineering, 2020, 46(8): 132-138.

http://www.ecice06.com/CN/Y2020/V46/I8/132

图/表 11

20200819135122

20200819135125

20200819135128

20200819135133

20200819135137

20200819135140

20200819135144

20200819135147

20200819135150

20200819135153

20200819135156

参考文献

[1] ALGULIYEV R,IMAMVERDIYEV Y,SUKHOSTAT L.Cyber-physical systems and their security issues[J].Computers in Industry,2018,100:212-223.
[2] PAL R,PRASANNA V.The STREAM mechanism for CPS security:the case of the smart grid[J].IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems,2016,36(4):537-550.
[3] BOLBOT V,THEOTOKATOS G,BUJORIANU M L,et al.Vulnerabilities and safety assurance methods in cyber-physical systems:a comprehensive review[J].Reliability Engineering & System Safety,2018,182:179-193.
[4] LIU Ting,TIAN Jue,WANG Jiazhou,et al.Integrated security threats and defense of cyber-physical systems[J].Acta Automatica Sinica,2019,45(1):5-24.(in Chinese)刘烃,田决,王稼舟,等.信息物理融合系统综合安全威胁与防御研究[J].自动化学报,2019,45(1):5-24.
[5] SCHNEIER B.Attack trees[J].Dr.Dobb's Journal,1999,24(12):21-29.
[6] KORDY B,MAUW S,RADOMIROVIC' S,et al.Foundations of attack-defense trees[C]//Proceedings of International Workshop on Formal Aspects in Security and Trust.Berlin,Germany:Springer,2010:80-95.
[7] ROY A,KIM D S,TRIVEDI K S.Cyber security analysis using attack countermeasure trees[C]//Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research.New York,USA:ACM Press,2010:1-4.
[8] WANG Ping,LIU Jiachi.Improvements of attack-defense trees for threat analysis[M]//PAN J S,YANG C N,LIN C C.Advances in Intelligent Systems and Applications-Volume 2.Berlin,Germany:Springer,2013:91-100.
[9] ROY A,KIM D S,TRIVEDI K S.Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees[C]//Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks.Washington D.C.,USA:IEEE Press,2012:1-12.
[10] HUANG Huiping,XIAO Shide,MENG Xiangyin.Cyber security assessment for SCADA systems based on attack-defense game model[J].Computer Engineering and Science,2017,39(5):877-884.(in Chinese)黄慧萍,肖世德,孟祥印.基于攻防博弈的SCADA系统信息安全评估方法[J].计算机工程与科学,2017,39(5):877-884.
[11] WANG Huazhong.Supervisory Control and Data Acquisition(SCADA) system and its applications[M].Beijing:Electronics Industry Press,2012.(in Chinese)王华忠.监控与数据采集(SCADA)系统及其应用[M].北京:电子工业出版社,2012.
[12] CHAKRABORTY N,KALAIMANNAN E.Minimum cost security measurements for attack tree based threat models in smart grid[C]//Proceedings of the 8th Annual Ubiquitous Computing,Electronics and Mobile Communication Conference.Washington D.C.,USA:IEEE Press,2017:614-618.
[13] MAUW S,OOSTDIJK M.Foundations of attack trees[C]//Proceedings of International Conference on Information Security and Cryptology.Berlin,Germany:Springer,2005:186-198.
[14] HUANG Huiping,XIAO Shide,LIANG Hongqin.Vulnerability assessment of cyber security for SCADA systems based on AHP and attack defense tree[J].Control Engineering of China,2018,25(6):1091-1097.(in Chinese)黄慧萍,肖世德,梁红琴.基于AHP和攻防树的SCADA系统安全脆弱性评估[J].控制工程,2018,25(6):1091-1097.
[15] HUANG Huiping,XIAO Shide,LIANG Hongqin,et al.Attack-defense trees based cyber security analysis for CPSs[C]//Proceedings of the 17th IEEE/ACIS International Conference on Software Engineering,Artificial Intelligence,Networking and Parallel/Distributed Computing.Washington D.C.,USA:IEEE Press,2016:693-698.
[16] SUN Wenjun,SU Yang.Risk analysis method for advanced persistent threat based on attack-defense trees[J].Application Research of Computers,2018,35(2):511-514,551.(in Chinese)孙文君,苏旸.基于攻防树的APT风险分析方法[J].计算机应用研究,2018,35(2):511-514,551.
[17] FU Yu,YU Yihan,CHEN Yongqiang,et al.Network security analysis on attack-defense behavior tree[J].Advance Engineering Sciences,2017,49(2):115-120.(in Chinese)付钰,俞艺涵,陈永强,等.基于攻防行为树的网络安全态势分析[J].工程科学与技术,2017,49(2):115-120.
[18] ASLANYAN Z,NIELSON F,PARKER D.Quantitative verification and synthesis of attack-defence scenarios[C]//Proceedings of the 29th Computer Security Foundations Symposium.Washington D.C.,USA:IEEE Press,2016:105-119.
[19] FEI Yu,NING Jing,JIANG Wenbao.A quantifiable attack-defense trees model for APT attack[C]//Proceedings of the 3rd Advanced Information Technology,Electronic and Automation Control Conference.Washington D.C.,USA:IEEE Press,2018:2303-2306.
[20] DING Ming,LI Xiaojing,ZHANG Jingjing,et al.Effect of SCADA-oriented cyber attack on power system reliability[J].Power System Protection and Control,2018,46(11):37-45.(in Chinese)丁明,李晓静,张晶晶,等.面向SCADA的网络攻击对电力系统可靠性的影响[J].电力系统保护与控制,2018,46(11):37-45.
[21] KORDY B,KORDY P,MAUW S,et al.ADTool:security analysis with attack-defense trees[C]//Proceedings of International Conference on Quantitative Evaluation of Systems.Berlin,Germany:Springer,2013:173-176.

选择文件类型/文献管理软件名称

选择包含的内容

基于攻击防御树的CPS最小防御代价计算方法

Minimum Defense Cost Calculation Method for CPS Based on Attack Defense Tree

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	赵新,尹忠海,周诚,刘斌,李明杰. 基于事件驱动CPS体系架构的层级模型[J]. 计算机工程, 2018, 44(4): 81-88.
[2]	张晶,陈垚,范洪博,孙俊. 信息物理融合系统任务调度权限控制策略[J]. 计算机工程, 2017, 43(4): 60-66.
[3]	王辉,亢凯航,刘淑芬. 基于贝叶斯推理的PASG计算模型[J]. 计算机工程, 2016, 42(11): 158-164.
[4]	徐洪智,李仁发,曾理宁. 基于Ptolemy 的自适应巡航系统建模与仿真[J]. 计算机工程, 2015, 41(6): 28-32.
[5]	赵春兰,王凯玲,林成,孙瑜,修雅慧,王烨兴,郝利国. 基于归一化割的颅脑MRI 肿瘤提取算法[J]. 计算机工程, 2015, 41(5): 228-231.
[6]	张晶,李艳. 基于动态博弈的粗糙网络安全分析模型[J]. 计算机工程, 2015, 41(4): 129-134.
[7]	强生杰, 任恩恩. 基于Petri网的联锁软件测试用例动态生成[J]. 计算机工程, 2013, 39(1): 54-57.
[8]	桂兵祥, 丰洪才. 基于HIS原理的复杂异构网络异常检测机制[J]. 计算机工程, 2012, 38(10): 105-107.
[9]	赵博夫, 殷肖川. 基于Petri网的网络攻击流模型研究[J]. 计算机工程, 2011, 37(4): 158-160.
[10]	黄光球, 张斌, 王纯子. 基于层次扩展SPN的网络攻击模型[J]. 计算机工程, 2011, 37(22): 12-18.
[11]	徐建军;单懿;仇广煜;周黎. 网络攻防训练模拟系统的研究与实现[J]. 计算机工程, 2010, 36(7): 129-131,.
[12]	刘简达;施勇;薛质. eMule协议的安全性研究[J]. 计算机工程, 2009, 35(13): 134-136.
[13]	史志才;陶龙明. 复杂网络攻击的HMM检测模型[J]. 计算机工程, 2009, 35(12): 106-108.
[14]	杨涛;郭义喜;张弘. 有色Petri网在渗透测试中的应用[J]. 计算机工程, 2009, 35(1): 156-158,.
[15]	陈国栋;杨光临;段晓辉. 网络攻击图在自动渗透测试中的应用[J]. 计算机工程, 2008, 34(13): 115-117,.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于攻击防御树的CPS最小防御代价计算方法

Minimum Defense Cost Calculation Method for CPS Based on Attack Defense Tree

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献

相关文章 15

编辑推荐

Metrics

本文评价