Abstract
Advanced persistent threat (APT) is one of the major threats facing industrial control systems today. By exploiting vulnerabilities in computer equipment, APT attacks intrude into the train control network, infect it and spread to other equipment in the network, and thereby affect the normal operation of the system, so evaluating the impact of APT attacks on train control systems is necessary. This paper proposes a method that combines an infectious disease model with network flow theory to analyze the impact of APT attacks. First, by analyzing the rules of transition between equipment node states in the different phases of an APT attack, it constructs an APT attack propagation model based on infectious disease theory and studies the trends in node state changes during the attack. Second, by incorporating the changes in equipment node states into a network flow model, it studies the impact of those changes on the flow of train movement authorization information within the train control network. Finally, considering the cyber-physical coupling of the train control system, it analyzes the impact of APT attacks on the overall performance of the train control system. Simulation experiments show the trends in node state changes during an APT attack and validate the effectiveness of the method in analyzing how the propagation of APT malware within the train control network affects the overall performance of the train control system. This provides a basis for managers to develop defense plans and raises the information security level of the train control system.
Authors
赵骏逸
唐涛
步兵
李其昌
王晓轩
ZHAO Junyi; TANG Tao; BU Bing; LI Qichang; WANG Xiaoxuan (State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China; Signal and Communication Research Institute, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China)
Source
《铁道学报》
EI
CAS
CSCD
PKU Core Journal
2024, Issue 4, pp. 119-129 (11 pages)
Journal of the China Railway Society
Funding
Fundamental Research Funds for the Central Universities (2023JBMC036)
Beijing Natural Science Foundation (L211002)
State Key Laboratory Key Project (RAO2023ZZ004).
Keywords
advanced persistent threat
network flow theory
infectious disease model
train control system
attack impact analysis