{"title":"基于图神经网络的列车控制系统攻击预测","authors":"Junyi Zhao, Tao Tang, Bing Bu, Qichang Li","doi":"10.1049/cit2.12288","DOIUrl":null,"url":null,"abstract":"The Advanced Persistent Threats (APTs) have emerged as one of the key security challenges to industrial control systems. APTs are complex multi‐step attacks, and they are naturally diverse and complex. Therefore, it is important to comprehend the behaviour of APT attackers and anticipate the upcoming attack actions. GNN‐AP is proposed, a framework utilising an alert log to predict potential attack targets. Firstly, GNN‐AP uses causality to eliminate confounding elements from the alert dataset and then uses an encoder‐decoder model to reconstruct an attack scenario graph. Based on the chronological characteristics of APT attacks, GNN‐AP identifies APT attack sequences from attack scenario graphs and integrates these attack sequences with communication‐based train control (CBTC) devices topology information to construct an Attack‐Target Graph. Based on the attack‐target graph, a graph neural network approach is used to identify the attack intent and transforms the attack prediction problem into a link prediction problem that predicts the connected edges of the attack and target nodes. The simulation results obtained using DARPA data show that the proposed method can improve the comparison methods by 4% of accuracy in terms of prediction. Furthermore, the method was applied to the CBTC system dataset with a prediction accuracy of 88%, demonstrating the efficacy of the proposed method for industrial control systems.","PeriodicalId":46211,"journal":{"name":"CAAI Transactions on Intelligence Technology","volume":null,"pages":null},"PeriodicalIF":8.4000,"publicationDate":"2024-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Graph neural network‐based attack prediction for communication‐based train control systems\",\"authors\":\"Junyi Zhao, Tao Tang, Bing Bu, Qichang Li\",\"doi\":\"10.1049/cit2.12288\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Advanced Persistent Threats (APTs) have emerged as one of the key security challenges to industrial control systems. APTs are complex multi‐step attacks, and they are naturally diverse and complex. Therefore, it is important to comprehend the behaviour of APT attackers and anticipate the upcoming attack actions. GNN‐AP is proposed, a framework utilising an alert log to predict potential attack targets. Firstly, GNN‐AP uses causality to eliminate confounding elements from the alert dataset and then uses an encoder‐decoder model to reconstruct an attack scenario graph. Based on the chronological characteristics of APT attacks, GNN‐AP identifies APT attack sequences from attack scenario graphs and integrates these attack sequences with communication‐based train control (CBTC) devices topology information to construct an Attack‐Target Graph. Based on the attack‐target graph, a graph neural network approach is used to identify the attack intent and transforms the attack prediction problem into a link prediction problem that predicts the connected edges of the attack and target nodes. The simulation results obtained using DARPA data show that the proposed method can improve the comparison methods by 4% of accuracy in terms of prediction. Furthermore, the method was applied to the CBTC system dataset with a prediction accuracy of 88%, demonstrating the efficacy of the proposed method for industrial control systems.\",\"PeriodicalId\":46211,\"journal\":{\"name\":\"CAAI Transactions on Intelligence Technology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":8.4000,\"publicationDate\":\"2024-02-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CAAI Transactions on Intelligence Technology\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1049/cit2.12288\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CAAI Transactions on Intelligence Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1049/cit2.12288","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Graph neural network‐based attack prediction for communication‐based train control systems
The Advanced Persistent Threats (APTs) have emerged as one of the key security challenges to industrial control systems. APTs are complex multi‐step attacks, and they are naturally diverse and complex. Therefore, it is important to comprehend the behaviour of APT attackers and anticipate the upcoming attack actions. GNN‐AP is proposed, a framework utilising an alert log to predict potential attack targets. Firstly, GNN‐AP uses causality to eliminate confounding elements from the alert dataset and then uses an encoder‐decoder model to reconstruct an attack scenario graph. Based on the chronological characteristics of APT attacks, GNN‐AP identifies APT attack sequences from attack scenario graphs and integrates these attack sequences with communication‐based train control (CBTC) devices topology information to construct an Attack‐Target Graph. Based on the attack‐target graph, a graph neural network approach is used to identify the attack intent and transforms the attack prediction problem into a link prediction problem that predicts the connected edges of the attack and target nodes. The simulation results obtained using DARPA data show that the proposed method can improve the comparison methods by 4% of accuracy in terms of prediction. Furthermore, the method was applied to the CBTC system dataset with a prediction accuracy of 88%, demonstrating the efficacy of the proposed method for industrial control systems.
期刊介绍:
CAAI Transactions on Intelligence Technology is a leading venue for original research on the theoretical and experimental aspects of artificial intelligence technology. We are a fully open access journal co-published by the Institution of Engineering and Technology (IET) and the Chinese Association for Artificial Intelligence (CAAI) providing research which is openly accessible to read and share worldwide.