
Research On Industrial Control Network Threat Modeling And Simulation Technology Based On Knowledge Grap

Posted on: 2024-04-15 | Degree: Master | Type: Thesis
Country: China | Candidate: S J Wang | Full Text: PDF
GTID: 2568307106484124 | Subject: Electronic information
Abstract/Summary:

The complexity and openness of industrial control networks have led to serious network security threats for the industrial IoT, which not only threaten industrial control networks but also affect people's lives and socio-economic stability. Data-driven threat modeling methods have therefore become a hot research direction for in-depth modeling of the logical relationships between attack and defense in industrial control networks and for evaluating the security mechanisms of industrial IoT systems. The advantage of a data-driven model is that it can extract the structure and patterns of a sample from big data without requiring much a priori knowledge. However, the shortcomings of data-driven threat modeling methods, which cannot further instantiate higher-level attack and defense behaviors or encode their logical relationships, are becoming increasingly prominent. Data-driven models are highly dependent on the size and quality of the data, and they suffer from low accuracy in highly dynamic scenarios, so security decisions that rely on their analysis results lack reliability. Domain-specific language models, a commonly used technology for language modeling, are being combined with data-driven technology in an attempt to mitigate the business risks of industrial control networks. To improve the risk analysis capability of industrial control networks, this paper focuses on attack behavior events, builds on the construction of an industrial IoT threat intelligence knowledge graph, and proposes a threat modeling and simulation method based on the Meta Attack Language (MAL) framework. This paper covers the following four main points:

(1) This paper presents the construction of an Industrial Internet of Things (IIoT) threat intelligence knowledge graph. In response to the lack of effective management and utilization of security threat intelligence in the industrial sector, it analyzes the characteristics and concepts of IIoT threat intelligence knowledge and constructs a unified structure for it. An information extraction model for threat intelligence is then proposed to structure and relate various types of threat intelligence, from which the IIoT threat intelligence knowledge graph is constructed. This provides a theoretical and data basis for subsequent security threat modeling, attack simulation, and response, and expands the knowledge domain of industrial control network threat modeling.

(2) This paper studies the problem of logically encoding specific attackers' attacks and the corresponding defenses in industrial control networks. It proposes a language for attack and defense modeling, ADMLang (Attack and Defense Modeling Language), based on the MAL framework and the ATT&CK and D3FEND models. First, an attacker profile is constructed from the attacker's attack characteristics. Then, a Time to Compromise (TTC) probability distribution algorithm is proposed which, combined with the attacker's attacks and the logic of industrial control network defense, realizes the probabilistic mapping of attack and defense features to the ADMLang model. Finally, a global compromise time network is constructed, and the time distribution from the initial attack to the compromise of the target is calculated.

(3) This study tests the attack simulation method using the ADMLang model and compares it with standard penetration testing on the open smart-grid dataset of the SEGRID project. The results show that this method can effectively mine the attack-defense logic of industrial control networks and has high accuracy in attack simulation testing.
Keywords/Search Tags:Industrial control networks, Threat intelligence, Knowledge graph, Meta attack language, Threat modeling and simulation