Optimal Attack Path Planning based on Reinforcement Learning and Cyber Threat Knowledge Graph Combining the ATT&CK for Air Traffic Management System
IEEE Transactions on Transportation Electrification (IF 7.2), Pub Date: 2024-03-19, DOI: 10.1109/tte.2024.3377687
Authors: Chao Liu, Buhong Wang, Fan Li, Jiwei Tian, Yong Yang, Peng Luo, Zhouzhou Liu
With the development of the Air Traffic Management System (ATM), the ATM network has transitioned from a closed, physically isolated network to an open Cyber-Physical System (CPS). As a result, the cyber-attack surface is constantly expanding, and the degree of automation and correlation of attacks is constantly increasing. Traditional penetration testing attack path planning relies on the expertise of specific field experts, which can be time-consuming and resource-intensive when dealing with large networks. A large amount of useful cyber security information is seriously fragmented and not integrated. In this paper, we aim to address these challenges by constructing a novel ATM system cyber threat knowledge graph called ATMCyKG. This knowledge graph is based on ATT&CK attack TTP style templates, including attack tactics, techniques, and procedures. It defines entities, their attributes, and their relationships. By combining ATT&CK tactics and techniques with the knowledge graph, we propose an attack path planning method based on ATMCyKG and integrate it into a reinforcement learning model. We use a variety of reinforcement learning algorithms to conduct comparative experiments and a panoramic analysis of the attack process. Finally, the experimental results of the three reinforcement learning algorithms are analyzed and summarized. This paper introduces ATMCyKG for the first time and uses Neo4j for its construction. From the perspective of an attacker, we use reinforcement learning to discover vulnerability sequences by selecting effective action sequences to achieve the desired target. By planning attack paths automatically, we can eliminate the reliance on expert experience, save manpower and time, and improve the operability and testing efficiency of automated penetration testing in ATM. This is of significant importance in ensuring aviation transportation safety and maintaining airspace order.
Updated: 2024-03-19