Attack Graph Generation and Visualization for Industrial Control Network

Attack graph is an effective way to analyze the vulnerabilities for industrial control networks. We develop a vulnerability correlation method and a practical visualization technology for industrial control network. First of all, we give a complete attack graph analysis for industrial control network, which focuses on network model and vulnerability context. Particularly, a practical attack graph algorithm is proposed, including preparing environments and vulnerability classification and correlation. Finally, we implement a three-dimensional interactive attack graph visualization tool. The experimental results show validation and verification of the proposed method.

[1]  Gary Carpenter 동적 사용자를 위한 Scalable 인증 그룹 키 교환 프로토콜 , 2005 .

[2]  Indrajit Ray,et al.  AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement , 2019, DBSec.

[3]  Qianchuan Zhao,et al.  Cyber security issues of critical components for industrial control system , 2014, Proceedings of 2014 IEEE Chinese Guidance, Navigation and Control Conference.

[4]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[5]  Wei Gao,et al.  Industrial Control System Cyber Attacks , 2013, ICS-CSR.

[6]  Dan Liu,et al.  A Vulnerability Assessment Method in Industrial Internet of Things Based on Attack Graph and Maximum Flow , 2018, IEEE Access.

[7]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[8]  Mariam Ibrahim,et al.  A2G2V: Automated Attack Graph Generator and Visualizer , 2018 .

[9]  Adriano Valenzano,et al.  Detection of attacks based on known vulnerabilities in industrial networked systems , 2017, J. Inf. Secur. Appl..

[10]  Sushil Jajodia,et al.  Topological analysis of network attack vulnerability , 2006, PST.

[11]  Fikret Sivrikaya,et al.  Distributed Attack Graph Generation , 2016, IEEE Transactions on Dependable and Secure Computing.

[12]  Sushil Jajodia,et al.  Managing attack graph complexity through visual hierarchical aggregation , 2004, VizSEC/DMSEC '04.

[13]  Alexandru Stefanov,et al.  SCADA modeling for performance and vulnerability assessment of integrated cyber–physical systems , 2015 .

[14]  Paul Ammann,et al.  A host-based approach to network attack chaining analysis , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[15]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[16]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[17]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.