Cite this article
  • ZHOU Ming, LV Shichao, YOU Jianzhou, ZHU Hongsong, SHI Zhiqiang, SUN Limin. Research on Security Situational Awareness Technology for Industrial Control Systems [J]. Journal of Cyber Security, 2022, 7(2): 101-119
  • ZHOU Ming, LV Shichao, YOU Jianzhou, ZHU Hongsong, SHI Zhiqiang, SUN Limin. A Comprehensive Survey of Security Situational Awareness on Industrial Control Systems [J]. Journal of Cyber Security, 2022, 7(2): 101-119
Research on Security Situational Awareness Technology for Industrial Control Systems
ZHOU Ming 1,2, LV Shichao 1,2, YOU Jianzhou 1,2, ZHU Hongsong 1,2, SHI Zhiqiang 1,2, SUN Limin 1,2
(1. Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Industrial control systems (ICS) are the core of national critical infrastructure, and a growing amount of work addresses ICS security. However, the practical application scenarios of these works are not unified, so their results cannot draw on one another. To solve this problem, after studying these security techniques in depth, we propose a Situational Awareness for Industrial Control Systems Security (SA-ICSS) framework, which consists of three stages: situational perception, situational comprehension, and situational projection. In the situational perception stage, we first use network mapping and vulnerability discovery techniques to obtain complete environmental elements of the target system, such as network topology and vulnerability information; second, we deploy five kinds of devices, including intrusion detection and intrusion deception, in the target system so as to capture all suspicious activity from the control system. In the situational comprehension stage, we first build an ontology model of the target system based on the Structured Threat Information Expression (STIX) standard, constructing the dependency relationships among control tasks and the mapping relationships between control tasks and the devices that run them; second, an automated reasoning engine, by learning analysts' reasoning techniques, identifies attack intentions and the possible impacts on the target system from the suspicious activities. In the situational projection stage, we first use attack graphs, Bayesian networks, and Markov models to build attack models from the suspicious activities; second, we use existing threat assessment techniques to predict, from the attack models, attack events that may occur, devices that may be infected, and zero-day vulnerabilities that may exist. We describe the task scope of each stage of SA-ICSS and analyze and summarize its key technologies. Finally, we also discuss several open problems of SA-ICSS.
Keywords: industrial control systems; security situational awareness; ontology model; attack intent; impact assessment; threat prediction
DOI: 10.19363/J.cnki.cn10-1380/tn.2022.03.07
Received: 2019-08-19  Revised: 2019-10-28
Funding: This work was supported by the National Key R&D Program of China (No. 2018YFC1201102), the Key Program of the National Natural Science Foundation of China (No. U1766215), and the National Natural Science Foundation of China (No. 61702506).
A Comprehensive Survey of Security Situational Awareness on Industrial Control Systems
ZHOU Ming 1,2, LV Shichao 1,2, YOU Jianzhou 1,2, ZHU Hongsong 1,2, SHI Zhiqiang 1,2, SUN Limin 1,2
(1. Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Industrial Control Systems (ICS) are the core part of national critical infrastructure, and a growing body of work focuses on ICS security. However, the results of these works cannot be transferred to one another, since their application scenarios are not all the same. To solve this problem, we propose a Situational Awareness for Industrial Control Systems Security (SA-ICSS) framework that integrates many security techniques proposed in recent years; the framework involves three stages: situational perception, situational comprehension, and situational projection. In the situational perception stage, we first obtain the full set of environmental elements of the target control system, such as network topology and vulnerability information, by using network scanning and vulnerability discovery techniques; then we deploy five kinds of security devices, such as intrusion detection and intrusion deception systems, in the target control system, and these devices help us collect potential malicious activities. In the situational comprehension stage, we first construct an ontology model of the target control system based on the Structured Threat Information Expression (STIX) standard, which captures the dependency relationships among control tasks and the mapping between control tasks and their corresponding devices; then an automated reasoning engine is used to learn reasoning rules from security analysts, and the engine can automatically identify the attack intention and the possible impacts on the target control system. In the situational projection stage, we first construct an attack model from the above malicious activities by using three attack modeling techniques: attack graphs, Bayesian attack graphs, and Markov models. Once the attack model is built, we use off-the-shelf threat evaluation techniques to predict possible future results, such as attack events, infected devices, and "0-day" vulnerabilities.
In this paper, we elaborate the task scope at each stage of SA-ICSS and summarize the key technologies of these stages. Finally, we discuss five open problems that remain unsolved in SA-ICSS.
Key words: industrial control systems; security situational awareness; ontology model; attack intent; impact assessment; threat prediction
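As an added illustration (not code from the paper or its authors), the comprehension-stage reasoning the abstract describes, reduced to its core: a constructed ontology fragment holding the two relations the STIX-based model carries (control-task dependencies and the task-to-device mapping), and a function that turns suspicious activity on a device into the directly impacted control tasks, the tasks downstream of them, and the not-yet-flagged devices those downstream tasks run on. All task and device names are invented.

```python
from collections import deque

# Constructed ontology fragment (assumed for illustration, not from the paper):
# each control task, the tasks whose output it depends on, and the device that
# executes it.  The survey's STIX-based model carries these same two relations.
TASK_DEPENDS_ON = {
    "boiler_pressure_control": [],
    "steam_turbine_speed": ["boiler_pressure_control"],
    "generator_sync": ["steam_turbine_speed"],
    "cooling_pump_control": [],
    "plant_hmi_overview": ["generator_sync", "cooling_pump_control"],
}
TASK_DEVICE = {
    "boiler_pressure_control": "PLC-01",
    "steam_turbine_speed": "PLC-02",
    "generator_sync": "PLC-02",
    "cooling_pump_control": "PLC-03",
    "plant_hmi_overview": "HMI-01",
}

def dependents(task_depends_on):
    """Invert the dependency relation: task -> tasks that consume its output."""
    rev = {task: [] for task in task_depends_on}
    for task, deps in task_depends_on.items():
        for dep in deps:
            rev[dep].append(task)
    return rev

def assess_impact(task_depends_on, task_device, suspicious_devices):
    """Map suspicious activity on devices to control-task impact: direct tasks run
    on a flagged device, downstream tasks consume their output (transitively).
    Returns sorted (direct, downstream, unflagged devices hosting a downstream task)."""
    rev = dependents(task_depends_on)
    direct = {t for t, dev in task_device.items() if dev in suspicious_devices}
    seen, queue = set(direct), deque(direct)
    while queue:  # breadth-first walk along "is consumed by" edges
        for nxt in rev[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    downstream = seen - direct
    at_risk = {task_device[t] for t in downstream} - set(suspicious_devices)
    return sorted(direct), sorted(downstream), sorted(at_risk)

if __name__ == "__main__":
    # Constructed alert: an intrusion detection sensor flags activity on PLC-01.
    print(assess_impact(TASK_DEPENDS_ON, TASK_DEVICE, {"PLC-01"}))
```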