Abstract:
The ultimate intentions of various attack strategies leads the control system to a critical states or dangerous states for industrial control network. As a consequence, the attack detection method based on abnormal device status exceeds any other methods in terms of reliability. Oriented to the difficulty of accurately determining the ending of attack, this paper established the attack strategies model and the abnormal status description model, and then constructed corresponding datasets under a variety of attack strategies, proposed time slice partitioning algorithm based on inflection point fusion and state feature clustering algorithm, finally constructed an anomaly detection scheme based on state transition probability graph. Experimental results indicate that this scheme can effectively detect a variety of attack strategies. In addition, the research on the quantitative evaluation of semantic attack impacting on system states is relatively weaker than any other attack pattern, such as data injection attack, denial of service attack, and man-in the middle attack. In response to the above phenomenon, with results of anomaly detection as the cornerstone, this paper proposed the scheme of quantitative evaluation of attack impact on system states, according to the fusion analysis of abnormal features and threat degree indicators, for the state changes of the system at different stages. This work has important theoretical valuation and practical significance for identifying attack intention.