Research on ICS Intrusion Success Rate Algorithm Based on Attack and Defense Countermeasures

  • Wending Wang
  • Kaixing Wu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 980)


According to the existing ICS, the research on ICS intrusion success rate algorithm does not consider the deficiency. This paper proposes an ICS intrusion success rate algorithm based on the ADT model. First, a complete index system is built according to common attack attributes, and the attack part of the ADT model is introduced to obtain the intrusion success rate of each path. Second, the intrusion alarm rate is introduced to achieve passive defense, and active scanning is used to achieve active defense. Finally, combining the above, the final intrusion success rate is obtained. A case study based on the ICS of a chemical enterprise is carried out. The method reduces the intrusion success rate of the optimal attack path by 27% and improves the accuracy of the traditional model evaluation.


Keywords: ICS; ADT model; Invasion success rate; Attack path; Defense system



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. School of Information and Electrical Engineering, Hebei University of Engineering, Handan, China
  2. Hebei Engineering Laboratory of Comprehensive Informatization of Coal Mine, Handan, China
