Abstract
Background: The new power system is more vulnerable to Advanced Persistent Threats (APTs) than the traditional power system.
Objective: To better grasp the intent of APT attacks, this study proposes a new DQN-based method for generating APT attack graphs for power systems.
Methods: First, the network topology of the new power system was extracted by Nessus scanning and used as the model input. Second, the DQN agent was trained for multiple rounds. Starting from the set initial state, in each round the agent selected the action with the highest Q value and applied it to the system, after which the system entered the next state. The Q network function value was then updated according to the feedback value obtained from the system, and this continued until the target state appeared.
Results: After multiple rounds of agent training, multiple APT attack paths were obtained, from which an APT attack graph can be generated.
Conclusion: The experimental results showed that, for large-scale industrial control systems such as the new power system, generating an APT attack graph with the DQN-based method is clearly more efficient than with existing methods.
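The training loop in the Methods paragraph, as an added sketch that is not the paper's code: a Q table stands in for the Q network, and the topology, host names and feedback values are constructed assumptions. It shows how repeated greedy episodes yield several paths to the target, whose union is the attack graph a defender would review.

```python
# Constructed reachability map standing in for a parsed Nessus scan
# (hypothetical host names; an edge means "reachable with a finding").
TOPOLOGY = {
    "internet": ["web_gw", "vpn"],
    "web_gw": ["historian", "printer"],
    "vpn": ["eng_ws"],
    "historian": ["scada"],
    "eng_ws": ["scada", "plc"],
    "scada": ["plc"],
    "printer": [],   # dead end: no onward path to the target
    "plc": [],       # target state
}

def train(topology, start, target, episodes=30, alpha=1.0, gamma=0.9, max_steps=20):
    """Tabular Q-learning (stand-in for a Q network) with greedy action choice."""
    # Zero init plus all-negative feedback makes untried actions look best,
    # so a purely greedy agent still explores every edge.
    q = {(s, a): 0.0 for s, nbrs in topology.items() for a in nbrs}
    paths = []
    for _ in range(episodes):
        state, path = start, [start]
        for _ in range(max_steps):           # step cap guards against cycles
            if state == target or not topology[state]:
                break
            # Highest-Q action; ties go to the first listed neighbour.
            nxt = max(topology[state], key=lambda a: q[(state, a)])
            # Assumed feedback: -1 per hop, -10 for stepping into a dead end.
            reward = -1.0 if nxt == target or topology[nxt] else -10.0
            future = 0.0 if nxt == target else max(
                (q[(nxt, n)] for n in topology[nxt]), default=0.0)
            q[(state, nxt)] = (1 - alpha) * q[(state, nxt)] + alpha * (reward + gamma * future)
            state = nxt
            path.append(state)
        if state == target and path not in paths:
            paths.append(path)               # keep each distinct successful path once
    return q, paths

def greedy_path(q, topology, start, target, max_steps=20):
    """Follow the learned highest-Q action from start to the target."""
    path = [start]
    while path[-1] != target and topology[path[-1]] and len(path) <= max_steps:
        path.append(max(topology[path[-1]], key=lambda a: q[(path[-1], a)]))
    return path

def attack_graph(paths):
    """Union of the edges of all discovered paths."""
    return sorted({edge for p in paths for edge in zip(p, p[1:])})

if __name__ == "__main__":
    q, paths = train(TOPOLOGY, "internet", "plc")
    print(paths, greedy_path(q, TOPOLOGY, "internet", "plc"), attack_graph(paths), sep="\n")
```

The dead-end host never appears in the resulting graph, and the greedy path after training is the shortest route to the target, which is the one to prioritise for segmentation or patching.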