Quantitative Analysis For The Vulnerability Of Substation Control System Based On Attack Graph

As a typical representative of Cyber-Physical System, development of the whole world is influenced by the secure operation of substation control system. In recent years, however, with the merging security problems against substation control system, how to evaluate the vulnerability comprehensively, which helps to implement defensive strategies to reduce the influence of attacks, has become the research focus of countries. In this thesis, we carry out the following works on quantitative evaluation for the vulnerability of substation control system based on attack graph.(1) To identify the vulnerabilities in substation, a vulnerability exploration method based on scenario is proposed. First, two types of possible scenarios for a typical substation are constructed, which are external network scenario and internal network scenario. Later, vulnerabilities and consequences of each path in scenarios are illustrated in detail. Consequences (parking, accidents and even catastrophe) and influence caused by exploition of vulnerability are analyzed from the perspective of scenarios, which answers the questions like why should attackers attack and how to attack.(2) To model the vulnerability of substation, a vulnerability modeling method based on generalized profits and attack graph is first put forward. Considering the proposed vulnerability indicators can not reflect the physical consequences and social influence after vulnerabilities of industrial control system being exploited, this thesis first considers the link profit (profit after vulnerabilities of links being exploited), device profit (profit after vulnerabilities of devices being exploited), attack capability profit (improvements of attack capability), and also considers the era profit, which reflects consequences such as physical damage, social unrest, environmental pollution and so on. The proposed synthetic indicator, generalized profit, can reflect the above profits comprehensively. Later, link profit, device profit, era profit and attack capability profit are quantified through mathematical modeling. Successful rate of attacking is calculated based on game model and Bayesian network. Last but not least, elements of profits and successful rate of attacking are combined to model generalized profit. Generalized profit can evaluate the whole system comprehensively, and solves the problems like narrow research scope and fewer influencing factors.(3) To improve the low efficiency of attack graph algorithm, a generation algorithm based on bidirectional breadth-first and an optimization algorithm based on explosive particle constraint are proposed. The generation algorithm references breadth-first algorithm and generate attack graph from two directions, which decreases the time and space complexity significantly. Explosive particle constraint is first proposed to optimize attack graph. The simulation results prove that this indicator can not only reduce the scale but also improve the overall quality of paths in attack graph.