Vulnerability analysis of industrial control system based on attack graph
GAO Meng-zhou, FENG Dong-qin, LING Cong-li, CHU Jian
State Key Laboratory of Industrial Control Technology, Institute of Cyber-Systems and Control, Zhejiang University, Hangzhou 310027, China


To evaluate the security risks of industrial control system networks and establish effective defenses, security factors of control system networks were proposed to transform network attacks into network state transition problems, and attack graph models of control system networks were built. An attack rule base was established on the basis of expert knowledge and existing vulnerability databases. Using the monotonicity hypothesis, a breadth-first iterative algorithm, control system network vulnerability specification, and attack constraint functions, the control system attack graph was generated and optimized. Attack benefits were calculated based on elementary-level quantization of parameters and the judgment matrix method. A simulated control network was designed with Stuxnet as the background scenario. Through simulation, the initial attack graph, the attack graph after vulnerability specification, and the attack graphs under constraint functions were obtained. Simulation results show that attack graphs can be generated for different security-level requirements, and that the possible attack targets, the optimal attack targets, and their corresponding attack benefits and attack paths can be obtained comprehensively.
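For readers assessing their own networks, the following added example (not the paper's algorithm or code) sketches breadth-first attack graph generation under the monotonicity hypothesis described in the abstract. The hosts, rule ids, fact format, and the `max_depth` constraint are all constructed assumptions.

```python
from itertools import count

# Constructed sample data. A fact is a (host, privilege) pair the attacker holds.
INITIAL = {("office_pc", "user")}
# Constructed rule base: (rule id, preconditions that must all hold, postcondition).
RULES = [
    ("r1", {("office_pc", "user")}, ("eng_station", "user")),
    ("r2", {("eng_station", "user")}, ("eng_station", "admin")),
    ("r3", {("eng_station", "admin")}, ("plc", "write")),
    ("r4", {("office_pc", "user")}, ("historian", "user")),
    ("r5", {("historian", "user"), ("eng_station", "user")}, ("plc", "write")),
]
TARGET = ("plc", "write")

def build_attack_graph(initial, rules, max_depth=None):
    """Breadth-first generation under monotonicity: facts are never lost,
    so each rule fires at most once. max_depth is a hypothetical constraint."""
    depth = {f: 0 for f in initial}   # fact -> first layer at which it is held
    producer = {}                     # fact -> (rule id, preconditions) that first gave it
    edges, fired = [], set()
    for layer in count(1):
        if max_depth is not None and layer > max_depth:
            break
        # Rules are selected before the layer is applied, so facts gained in
        # this layer only enable rules in the next one.
        ready = [r for r in rules if r[0] not in fired and r[1].issubset(depth)]
        if not ready:
            break
        for name, pre, post in ready:
            fired.add(name)
            edges.append((frozenset(pre), name, post))
            if post not in depth:
                depth[post] = layer
                producer[post] = (name, pre)
    return depth, edges, producer

def attack_path(target, depth, producer):
    """Rule ids needed to reach target via earliest producers, or None."""
    if target not in depth:
        return None
    order = []
    def visit(fact):
        if fact in producer:
            name, pre = producer[fact]
            for p in sorted(pre):
                visit(p)
            if name not in order:
                order.append(name)
    visit(target)
    return order
```

Rules that appear on the returned path are the ones whose removal (patching or segmentation) a defender would evaluate first; tightening `max_depth` shows which targets stay reachable under a stricter constraint.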

Published: 01 December 2014
CLC:  TP 393.8  
Cite this article:

GAO Meng-zhou, FENG Dong-qin, LING Cong-li, CHU Jian. Vulnerability analysis of industrial control system based on attack graph. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2014, 48(12): 2123-2131.




