Industrial Control System Network’s Potential Risk Analysis Based On Attack Graph

With the improvement of computer technology, the information level ofpeople’s living becomes much higher, the Industry Control System (ICS) is also gradually developing to the direction of industrial information system. The situation of the original completely closed ICS can’t meet the production requirements of management and control integration becomes more and more serious,so ICSuses the Internet’s common software, hardware and protocol more and more. But its network’s protect measures isn’t improved, which leads the ICS network is weak to the Internet virus and the Internet attack. We can find ICS everywhere in our daily lives, if it is damaged, it will bring us a greater loss than the Internet be attacked.Firstly, this paper studied some common ICS network architecture, and based on this study the paper came up with the general ICS network architecture. Then we collected and analyzed the been revealed vulnerabilitis and security incidents of ICS in recent years, and gave out the attacker’s common attacking procedure and the vulnerability of ICS.Secondly, this paper deeply studied the latest network security technology both at home and abroad, given out the methods of using network traffic analysis, the fuzzing and software reverse engineering into ICS. At the same time, this paper compared the advantages and disadvantages of five attack graph generation technology, including MulVal, TVA, Skybox View, NetSPA, when they are used into ICS.Then the paper innovatively came up with "the layer based attack graph generation algorithm", which is suitable for ICS, and been used to analyze ICS’s security. The paper provided the method of dividing ICS network, and combining with the security requirements of different layers designed the attack graph generation algorithm of each layer, and finally designed the attack graph generation algorithm between layers.In order to make this system, which is designed by this paper, easier use, we also designed the humanized algorithm inputting interface and attack graph dynamic display interface.Finally, this paper used the case of "Stuxnet", which is the typical ICS attacking case, to verify our system. This part includes the installation and configuration of our proposed system, the process and the result of our test. In addition, we analyzed and verified the actual industry control scene. We compared the proposed system with the attack graph generation tool of MulValin theanalysis result and efficiency, it showed that our system used less time in analyzing bigger Industry Control System and got more comprehensive result, so our system has reached the expected goal.