交通信息与安全, 2018, Vol. 36, Issue (1): 41-48, 8. DOI: 10.3963/j.issn.1674-4861.2018.01.006
A Modeling Method of Attack Graphs for High-speed Railway Signal Systems based on Security Domain
付淳川 1
Author information
- 1. 北京城建设计发展集团股份有限公司, Beijing 100032
Abstract
With the development of network informatization in high-speed railway signal systems, these systems face more serious security threats and risks. To assess the network security risk of the system, this paper proposes a modeling method of attack graphs for high-speed railway signal systems based on security domains. Host security domains and network security domains are applied to divide the network in consideration of its hierarchical structure. Distributed generation of attack graphs is developed both within and between the security domains. Meanwhile, attack modes and the minimum constraint threshold of attack benefits are used to reduce the complexity of generating attack graphs according to the security level requirements of each sub-network in the system. A simulated attack that penetrates the network from a CTC station is used to verify the effectiveness of this method. The results show that 143 state nodes, 142 directed edges and 20 attack paths are generated in an unconstrained attack graph. A state attack graph based on the minimum attack benefit constraint threshold generates 51 state nodes, 50 directed edges and 8 attack paths. Simulation results show that the proposed method can improve the efficiency of generating an attack graph and reduce its scale while still obtaining the possible attack paths.
Key words
rail traffic / signal system / network security / attack graph / security domain
Classification
Traffic engineering
Cite this article
付淳川. A Modeling Method of Attack Graphs for High-speed Railway Signal Systems based on Security Domain [J]. 交通信息与安全, 2018, 36(1): 41-48, 8.