基于安全域的高速铁路信号系统攻击图建模方法

伴随高速铁路信号系统的网络信息化发展,系统面临越发严重的安全威胁及隐患.为评估系统的网络安全风险,研究了一种基于安全域的高速铁路信号系统攻击图建模方法.针对系统网络结构的层次化特点,以主机安全域和网络安全域对网络进行划分,实现各安全域内及安全域间攻击图的分布式生成,同时根据系统中各子网络的安全级别要求,利用攻击模式及最小攻击收益约束阈降低攻击图的生成复杂度.为验证其有效性,模拟攻击者从CTC车站渗透至信号安全数据网的攻击行为.结果显示,生成的无约束攻击图中有143个状态节点、142条有向边及20条攻击路径;基于最小攻击收益约束阈的状态攻击图生成了51个状态节点、50条有向边及8条攻击路径.该方法有效地提高了攻击图生成效率并简化了攻击图规模,较完整地得到了可能的攻击路径.

A Modeling Method of Attack Graphs for High-speed Railway Signal Systems based on Security Domain

With development of network informationization of high-speed railway signal systems,there are more se-rious security threats and risks.To assess network security risk of the system,this paper proposed a modeling method of attack graph for high-speed railway signal systems based on security domain.Host security domain and network security domain are applied to divide the network in consideration of its hierarchical structure.Distribute generation of attack graphs are developed both in and between the security domains.Meanwhile,attack modes and the minimum constraint threshold of attack benefits are used to reduce complexity of generating attack graphs according to security level require-ments of each sub-network in the system.A simulated attack behavior from a CTC station permeates into the network is applied to verify effectiveness of this method.The results show that there are 143 state nodes,142 directed edges and 20 attack paths generated in an unconstrained attack graph.A state attack graph based on a revenue constraint threshold of the minimum attack generates 51 state nodes,50 directed edges and 8 attack paths.Simulation results show that the pro-posed method can improve the efficiency of generating an attack graph,and simplify its scale to obtain possible attack paths.