Abstract
Background: The new power system is more vulnerable to Advanced Persistent Threat (APT) than the traditional power system.
Objective: This study aims to grasp the intent of the APT attack better; a new generation method of power system APT attack graph based on DQN is proposed.
Methods: First, the network topology of the new power system was extracted by Nessus scanning as the model input. Secondly, the agent in DQN was trained for multiple rounds. Starting from the set initial state, the agent selected the action with the highest Q value to act on the system in each round, and then the system entered the next state. Then the Q network function value was updated according to the obtained system feedback value until the target state appeared.
Results: After multiple rounds of training agents, multiple APT attack paths were finally obtained, thus an APT attack graph can be generated.
Conclusion: The experimental results showed that the efficiency of generating an APT attack graph based on the DQN method is obviously superior to the existing methods for the large-scale industrial control system, such as the new power system.
Graphical Abstract
[1]
C. Tankard, "Advanced Persistent threats and how to monitor and deter them", Netw. Secur., vol. 2011, no. 8, pp. 16-19, 2011.
[http://dx.doi.org/10.1016/S1353-4858(11)70086-1]
[http://dx.doi.org/10.1016/S1353-4858(11)70086-1]
[2]
F. Li, A. Lai, and D. Ddl, "Evidence of Advanced Persistent Threat: A case study of malware for political espionage", In 2011 6th International Conference on Malicious and Unwanted Software,
2011, pp. 102-109, Fajardo, PR, USA., 2011.
[http://dx.doi.org/10.1109/MALWARE.2011.6112333]
[http://dx.doi.org/10.1109/MALWARE.2011.6112333]
[3]
Y.J. Du, "The challenge of defending APT attack-something about APT", Information Security and Communications Privacy, p. 13, . 14, July 2012.
[4]
Y. Mei, W. Han, S. Li, X. Wu, K. Lin, and Y. Qi, "A Review of Attribution Technical for APT Attacks", In , 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), pp. 512-
518 Guilin, China, 2022., 2022.
[http://dx.doi.org/10.1109/DSC55868.2022.00077]
[http://dx.doi.org/10.1109/DSC55868.2022.00077]
[5]
" "FireEye Mandiant M-Trends Report, July 2020"", Available From : https//content.fireeye.com/m-trends/rpt-m-trends [Accessed on: Nov. 14, 2022].
[6]
Z. Lv, S. Qin, Z. Zhu, Z. Yu, S. Li, and W. Han, "A Review of Provenance Graph-based APT Attack Detection:Applications and Developments", In 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), 2022, pp. 498-505, Guilin, China, 2022.
[http://dx.doi.org/10.1109/DSC55868.2022.00075]
[http://dx.doi.org/10.1109/DSC55868.2022.00075]
[7]
Y. Su, "Research on APT attack based on the game model IEEE 4th Information Technology, Networking", In Electronic and Automation Control Conference (ITNEC) 2020, pp. 295-299, Chongqing, China.
[http://dx.doi.org/ 10.1109/ITNEC48623.2020.9084845]
[http://dx.doi.org/ 10.1109/ITNEC48623.2020.9084845]
[8]
G.O.N.G. Gangjun, Z.H.A.N.G. Peng, Z.H.O.U. Bo, Q.I.A.N.G. Ren, S.U.N. Yue, C.H.E.N. Leran, and C.H.E.N. Wei, "Network Security Risk Assessment of CPS System in Distribution Network Based on Attack Graph", J. Phys. Conf. Ser., vol. 1750, no. 1, p. 2021.012078, .
[http://dx.doi.org/10.1088/1742-6596/1750/1/012078]
[http://dx.doi.org/10.1088/1742-6596/1750/1/012078]
[9]
A. Alshamrani, S. Myneni, A. Chowdhary, and D. Huang, "A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities", IEEE Commun. Surv. Tutor., vol. 21, no. 2, pp. 1851-1877, 2019.
[http://dx.doi.org/10.1109/COMST.2019.2891891]
[http://dx.doi.org/10.1109/COMST.2019.2891891]
[10]
S. Ahmad, "Advanced Persistent Threat (APT)-Style Attack Modeling and Testbed for Power Transformer Diagnosis System in a Substation", In: IEEE Power & Energy Society Innovative Smart Grid Technologies Conference, 2022, pp. 1-5 New Orleans, LA, USA., 2022.
[http://dx.doi.org/10.1109/ISGT50606.2022.9817518]
[http://dx.doi.org/10.1109/ISGT50606.2022.9817518]
[11]
G. Liang, S.R. Weller, J. Zhao, F. Luo, and Z.Y. Dong, "The 2015 UKraine blackout: Implications for false data injection attacks", IEEE Trans. Power Syst., vol. 32, no. 4, pp. 3317-3318, 2017.
[http://dx.doi.org/10.1109/TPWRS.2016.2631891]
[http://dx.doi.org/10.1109/TPWRS.2016.2631891]
[12]
S. Soltan, M. Yannakakis, and G. Zussman, "Power Grid State Estimation Following a Joint Cyber and Physical Attack", IEEE Trans. Control Netw. Syst., vol. 5, no. 1, pp. 499-512, 2018.
[http://dx.doi.org/10.1109/TCNS.2016.2620807]
[http://dx.doi.org/10.1109/TCNS.2016.2620807]
[13]
S. Lallie, K. Debattista, and J. Bal, "A review of attack graph and attack tree visual syntax in cyber security", Computer science review,, vol. 35, p. 100219, 2020.
[14]
K. Kaynar, and F. Sivrikaya, "Distributed Attack Graph Generation", IEEE Transactions on Dependable and. Secure Computing,, vol. 13, no. 5, pp. 519-532, 2016.
[http://dx.doi.org/10.1109/TDSC.2015.2423682]
[http://dx.doi.org/10.1109/TDSC.2015.2423682]
[15]
N. Stan, "Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks", IEEE Transactions on Dependable and. Secure Computing., vol. 19, no. 3, pp. 1936-1954, 2022.
[http://dx.doi.org/10.1109/TDSC.2020.3041999]
[http://dx.doi.org/10.1109/TDSC.2020.3041999]
[16]
M. Li, W. Huang, Y. Wang, and W. Fan, "The optimized attribute attack graph based on APT attack stage model", In 2016 2nd IEEE International Conference on Computer and Communications (ICCC),, 2016, pp. 2781-2785 Chengdu, China.
[17]
N. Idika, and B. Bhargava, "Extending Attack Graph-Based Security Metrics and Aggregating Their Application", IEEE Trans. Depend. Secure Comput., vol. 9, no. 1, pp. 75-85, 2012.
[http://dx.doi.org/10.1109/TDSC.2010.61]
[http://dx.doi.org/10.1109/TDSC.2010.61]
[18]
A.T. Al Ghazo, M. Ibrahim, H. Ren, and R. Kumar, "A2G2V: Automatic attack graph generation and visualization and its applications to computer and SCADA networks", IEEE Trans. Syst. Man Cybern. Syst., vol. 50, no. 10, pp. 3488-3498, 2020.
[http://dx.doi.org/10.1109/TSMC.2019.2915940]
[http://dx.doi.org/10.1109/TSMC.2019.2915940]
[19]
Jiang Yuanyuan, Research on Network Attack Prediction Technology Based on Bayesian Attack Graph " [D]. Guangzhou University,, 2022.
[http://dx.doi.org/10.27040/dcnki.ggzdu.2022.001453]
[http://dx.doi.org/10.27040/dcnki.ggzdu.2022.001453]
[20]
"YANG Ying jie, LENG Qiang, CHANG Dexian.Research on Network Dynamic Threat Analysis Technology Based on Attribute Attack Gragh", Dianzi Yu Xinxi Xuebao, vol. 41, no. 8, pp. 1838-1846, 2019.
[21]
Mingyang. Qiu, Sai. Yu, Wang. Gang, and Qingwei. Meng, "Network Security Assessment Method Based on Time Probability Attack Chart", Firepower and Command and Control, vol. 47, no. 1, pp. 145-149, 2022.
[22]
H.S. Lallie, K. Debattista, and J. Bal, "An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack Perception", IEEE Trans. Inf. Forensics Security, vol. 13, no. 5, pp. 1110-1122, 2018.
[http://dx.doi.org/10.1109/TIFS.2017.2771238]
[http://dx.doi.org/10.1109/TIFS.2017.2771238]
[23]
Y. Yanli, and S. Lipeng, "Research on attack graph generation method integrating social network threats", Computer Engineering, vol. 2021, no. 5, pp. 104-116, 2021.
[24]
J. Yuan, "Research on attack graph generation for industrial control network security and vulnerability analysis", Modern Electronic Technology, vol. 39, no. 11, pp. 103-107, 2016.
[25]
D. Wang, C. Jiang, and P. Yong, "Security domain based attack graph generation on industrial control systems", J. Tsinghua Univ., vol. 54, no. 01, pp. 44-52, 2014.
[26]
Z.H.A.N.G. Shuqin, L.I. Kaijiang, and Z.H.A.N.G. Lu, "Research on Attack Graph Generation Based on Q-learning Mechanism", Electronic Science and Technology, vol. 31, no. 10, pp. 6-10, 2018.
[27]
T. Li, Y. Jiang, C. Lin, M.S. Obaidat, Y. Shen, and J. Ma, "DeepAG: Attack Graph Construction and Threats Prediction With Bi-Directional Deep Learning", IEEE Trans. Depend. Secure Comput., vol. 20, no. 1, pp. 740-757, 2023.
[http://dx.doi.org/10.1109/TDSC.2022.3143551]
[http://dx.doi.org/10.1109/TDSC.2022.3143551]
[28]
H. Yang, Method for behavior-prediction of APT attack based on dynamic Bayesian gameIn 2016 IEEE International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), Chengdu, China, 2016, pp. 177-182
[http://dx.doi.org/10.1109/ICCCBDA.2016.7529554]
[http://dx.doi.org/10.1109/ICCCBDA.2016.7529554]
[29]
"Qinghai Ou, Shengxin Wang, and She Rui, "Demand and application
scenarios of power communication network for new power
systems"", Power Supply, vol. 39, no. 2, pp. 2-8, 2022.
[30]
"Li Jin, Gao Hongliang, Liu Kemeng, Xie Hu, "Research on power
system transformation based on edge node technology in the context
of carbon neutrality" [J/OL]", Electrical Measurement and Instrumentation, pp. 1-11, 2022.http://kns.cnki.net/kcms/detail/23.1202.th.20221020.1756.012.html
[31]
"Qin Yiwei, Zhang Penghe, Song Runan, Zhu Maoning, Zhang
Penghe, Song Runan, Zhu Maoning, "Arc Fault Diagnosis Technology
and Development Trends in New Power Systems" [J/OL]", Electrical Measurement and Instrumentation, pp. 10-25, 2023.http://kns.cnki.net/kcms/detail/23.1202.TH.20221025.0903.002.htm
Related Journals
Recent Patents on Engineering
Related Books
Voltammetry for Sensing Applications
