Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (6): 498-.

Previous Articles     Next Articles

Prediction of Industrial Control System Vulnerability Exploitation Relationships Based on Knowledge Graphreasoning

Liang Chao1, Wang Zibo1, Zhang Yaofang1, Jiang Wenhan1, Liu Hongri1,2, and Wang Bailing1#br#

#br#
  

  1. 1(School of Computer Science and Technology, Harbin Institute of Technology, Weihai, Shandong 264200)
    2(Weihai Cyberguard Technologies Co., Ltd., Weihai, Shandong 264200)

  • Online:2024-06-06 Published:2024-06-06

基于知识图谱推理的工控漏洞利用关系预测方法

梁超1王子博1张耀方1姜文瀚1刘红日1,2王佰玲1


  

  1. 1(哈尔滨工业大学(威海) 计算机科学与技术学院山东威海264200)
    2(威海天之卫网络空间安全科技有限公司山东威海264200)

  • 通讯作者: 王佰玲 教授,博士生导师.主要研究方向为工业互联网安全、工控系统安全. wbl@hit.edu.cn
  • 作者简介:梁超 硕士研究生.主要研究方向为知识图谱、网络空间安全. chaos8032@outlook.com 王子博 博士研究生.主要研究方向为工控系统安全. 18746072575@163.com 张耀方 博士研究生.主要研究方向为工控系统安全. zyf1998316@163.com 姜文瀚 硕士研究生.主要研究方向为工控系统安全. 1084202141@qq.com 刘红日 助理研究员.主要研究方向为工业互联网安全、工控系统安全. liuhr@hit.edu.cn 王佰玲 教授,博士生导师.主要研究方向为工业互联网安全、工控系统安全. wbl@hit.edu.cn

Abstract: With the rapid growth in the number of vulnerabilities in Industrial Control Systems, the time and economic costs required for manual analysis of vulnerability exploitation are constantly increasing, and current reasoning methods have many deficiencies such as insufficient utilization of information and poor interpretability. To address these problems, a prediction method for exploitation relationships of ICS vulnerabilities is proposed, which is based on knowledge graph reasoning. First, a path filtering algorithm is utilized to minimize the vulnerability exploitation paths. Then, path information is obtained by aggregating key relation paths, and neighbor information is acquired by integrating neighbor relation information. Finally, the exploitation relationships of vulnerabilities are predicted. An experiment on predicting exploit relationships was conducted using a knowledge graph for ICS security, which was built based on security knowledge data and ICS scenario data, and consisted of 57333 entities. The results indicate that the proposed method can assist in predicting the exploitability of ICS vulnerabilities with an accuracy rate of 99.0%.

Key words: industrial control systems (ICS), vulnerability exploitation, relationship prediction, knowledge graph reasoning, path filtering

摘要: 工业控制系统漏洞数量呈快速增长态势,人工分析漏洞利用需要花费的时间与经济成本不断增加,当前推理方法存在信息利用不充分、可解释性差等缺陷.针对上述问题,提出了一种基于知识图谱推理的工控漏洞利用关系预测方法.该方法首先使用路径筛选算法约简漏洞利用路径,然后通过关键关系路径聚合获取路径信息,通过邻居关系信息融合获取邻居信息,最终预测漏洞利用关系.基于安全知识数据与工控场景数据构建了一个包含57333个实体的工控安全知识图谱,进行漏洞利用关系预测实验.结果表明,提出的方法预测准确率达到99.0%,可以辅助工控漏洞利用预测.

关键词: 工业控制系统, 漏洞利用, 关系预测, 知识图谱推理, 路径筛选

CLC Number: