
CN-121984759-A - Avionics system safety resource deployment method and medium based on attack defense tree


Abstract

The embodiment of the invention discloses an avionics system safety resource deployment method and medium based on an attack defense tree. The method comprises the steps of obtaining function component information corresponding to a system configuration change event, constructing an attack defense tree based on the function component information and a pre-stored defense knowledge base, traversing the attack defense tree to obtain attack path information, performing risk detection processing on the attack path information, performing risk threshold driving labeling and sequencing processing on the attack path information, executing defense combination optimizing processing under resource constraint, generating an executable defense deployment work order, loading the defense deployment work order to a preset avionics system, executing defense tasks corresponding to the defense deployment work order by the preset avionics system, and distributing safety resources corresponding to the defense deployment work order to a target hardware component or software service. This embodiment improves avionics system protection safety.

Inventors

  • SUI LONG
  • GU ZHAOJUN
  • YU HAO

Assignees

  • 中国民航大学

Dates

Publication Date
20260505
Application Date
20260205

Claims (10)

  1. An avionics system safety resource deployment method based on an attack defense tree comprises the following steps: in response to detecting a system configuration change event of a preset avionics system, acquiring function component information corresponding to the system configuration change event; constructing an attack defense tree based on the functional component information and a pre-stored defense knowledge base; traversing the attack defense tree to obtain each attack path information, wherein each attack path information in each attack path information comprises an attack target root node and an attack path, the attack path comprises an attack path node sequence and at least one defense node, and each defense node in the at least one defense node corresponds to one attack path node in the attack path node sequence; performing risk detection processing on the attack path information to obtain various risk values; performing risk threshold driving labeling and sorting processing on the attack path information based on the risk values to obtain a labeled attack path information sorting table; according to the labeled attack path information sorting table and preset security resource constraint information, executing defense combination optimizing processing under resource constraint to generate defense deployment information; generating an executable defense deployment work order based on the defense deployment information; loading the defense deployment work order to the preset avionics system so that the preset avionics system can execute defense tasks corresponding to the defense deployment work order, so that safety resources corresponding to the defense deployment work order can be distributed to target hardware components or software services, and meanwhile safety configuration corresponding to the safety resources can be activated.
  2. The method of claim 1, wherein the functional component information includes component identification, component type information, configuration information, and associated vulnerability information, and the constructing an attack defense tree based on the functional component information and a pre-stored defense knowledge base comprises: determining the component identification as an attack target root node of an attack defense tree; determining the configuration information as target configuration information; performing configuration defect deduction processing on the target configuration information to create at least one attack path corresponding to the attack target root node; creating at least one attack path corresponding to the attack target root node based on the associated vulnerability information and a pre-stored defense knowledge base included in the functional component information; and carrying out tree structural modeling on the attack target root node and the at least one created attack path to obtain an attack defense tree.
  3. The method of claim 1, wherein the performing risk detection processing on the attack path information to obtain each risk value includes: for each of the respective attack path information, performing the steps of: performing node-by-node propulsion attack simulation processing on the attack path included in the attack path information to obtain at least one risk contribution value corresponding to the attack path node sequence included in the attack path; and generating a risk value based on the at least one risk contribution value.
  4. A method according to claim 3, wherein each attack path node in the attack path node sequence included in the attack path includes attack behavior information, and the performing node-by-node propulsion attack simulation processing on the attack path included in the attack path information, to obtain at least one risk contribution value corresponding to the attack path node sequence included in the attack path includes: determining a preset attack success probability value as an initial reference attack success rate; determining an attack path node sequence included in the attack path; based on the initial reference attack success rate, the following updating steps are executed in the attack path node sequence included in the attack path: determining attack behavior information included in a first attack path node in the attack path node sequence as attack behavior information to be queried; inquiring initial attack success rate corresponding to attack behavior information to be inquired from a preset attack defense knowledge base; generating an attack success rate as an initial risk contribution value based on the initial reference attack success rate, the initial attack success rate and the at least one defending node; removing a first attack path node in the attack path node sequence to update the attack path node sequence; in response to determining that the attack success rate is greater than the preset probability value and the updated attack path node sequence is not null, updating the attack success rate to an initial reference attack success rate to update the initial reference attack success rate, and executing the updating step again on the updated attack path node sequence based on the updated initial reference attack success rate; and in response to determining that the attack success rate is smaller than or equal to a preset probability value and the attack path node sequence is not null, determining an initial risk contribution value corresponding to the attack path by the preset attack success probability value, and setting at least one generated initial risk contribution value to be zero and then taking the at least one generated initial risk contribution value as at least one risk contribution value.
  5. The method of claim 4, wherein the method further comprises: in response to determining that the attack success rate is greater than the preset probability value and the updated attack path node sequence is empty, determining the generated initial risk contribution value as at least one risk contribution value.
  6. The method of claim 4, wherein the generating an attack success rate based on the initial reference attack success rate, the initial attack success rate, and the at least one defending node comprises: responsive to determining that a defensive node exists in the at least one defensive node that corresponds to a first attack path node in a sequence of attack path nodes; inquiring a defending success rate corresponding to the defending node from the preset attack defending knowledge base; and generating the attack success rate based on the initial reference attack success rate, the initial attack success rate and the defense success rate.
  7. The method of claim 1, wherein the performing risk threshold driving labeling and ranking on the attack path information based on the risk values to obtain a labeled attack path information ranking table includes: determining at least one risk value greater than a preset risk threshold value in the various risk values as at least one focusing risk value, wherein each focusing risk value in the at least one focusing risk value corresponds to one attack path information in the various attack path information; determining at least one attack path information corresponding to the at least one focusing risk value in each attack path information as at least one first marked attack path information, and determining a first preset mark identifier as a mark identifier corresponding to each first marked attack path information in the at least one first marked attack path information; determining each piece of attack path information except at least one piece of first marked attack path information in each piece of attack path information as each piece of second marked attack path information, and determining a second preset mark as a mark corresponding to each piece of second marked attack path information in each piece of second marked attack path information; ordering the at least one first marked attack path information to obtain a first marked attack path information sequence; ordering the second marked attack path information to obtain a second marked attack path information sequence; and storing the first labeling attack path information sequence and the second labeling attack path information sequence in a table form to obtain a labeling attack path information sorting table.
  8. An avionics system security resource deployment device based on an attack defense tree, comprising: an acquisition unit configured to acquire functional component information corresponding to a system configuration change event in response to detection of the system configuration change event of the preset avionics system; a construction unit configured to construct an attack defense tree based on the functional component information and a pre-stored defense knowledge base; a traversing unit configured to traverse the attack defense tree to obtain each attack path information, where each attack path information in each attack path information includes an attack target root node and an attack path, the attack path includes an attack path node sequence and at least one defending node, and each defending node in the at least one defending node corresponds to one attack path node in the attack path node sequence; a risk detection unit configured to perform risk detection processing on the attack path information to obtain various risk values; a sorting unit configured to perform risk threshold driving labeling and sorting processing on the attack path information based on the risk values to obtain a labeled attack path information sorting table; a first generation unit configured to execute defensive combination optimizing processing under resource constraint according to the marked attack path information ranking table and preset safety resource constraint information so as to generate defensive deployment information; a second generation unit configured to generate an executable defensive deployment work order based on the defensive deployment information; and an execution unit configured to load the defense deployment work order to the preset avionics system so that the preset avionics system can execute the defense tasks corresponding to the defense deployment work order to allocate the security resources corresponding to the defense deployment work order to the target hardware component or the software service and activate the security configuration corresponding to the security resources.
  9. An electronic device, comprising: one or more processors; a storage device having one or more programs stored thereon; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 7.
  10. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1 to 7.
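
The node-by-node risk propagation of claims 4 to 6 and the threshold labeling of claim 7, as an added Python example that is not part of the patent text. The claims give no formulas or numbers, so the following are assumptions: the success rate is the reference rate times the node's attack rate times (1 - defense rate), the risk value is the last contribution, each group is sorted by descending risk, a path that falls to the cutoff only at its last node keeps its contributions, and all node names, labels and rates are constructed.

```python
# Constructed knowledge-base values; the patent page gives no numbers.
ATTACK_RATE = {"open_debug_port": 0.8, "weak_whitelist": 0.5,
               "config_write": 0.9, "bus_flood": 0.6, "frame_inject": 0.2}
DEFENSE_RATE = {"port_auth": 0.5, "frame_mac": 0.9}


def risk_contributions(nodes, defenses, preset=1.0, cutoff=0.05):
    """Claims 4-6: advance node by node, carrying the reference success rate.

    nodes    -- attack behaviours in path order
    defenses -- {attack behaviour: defence node} for the defended nodes
    """
    reference, contributions = preset, []
    remaining = list(nodes)
    while remaining:
        behaviour = remaining.pop(0)            # take and remove the first node
        rate = reference * ATTACK_RATE[behaviour]
        if behaviour in defenses:               # claim 6: a defence node matches
            rate *= 1.0 - DEFENSE_RATE[defenses[behaviour]]  # assumed formula
        contributions.append(rate)
        if rate <= cutoff and remaining:        # attack stalls before the target
            return [0.0] * len(contributions)   # claim 4: generated values zeroed
        reference = rate                        # claim 4: becomes the reference
    return contributions                        # claim 5: sequence exhausted


def risk_value(contributions):
    # Assumption: end-to-end success rate, i.e. the last contribution.
    return contributions[-1] if contributions else 0.0


def ranking_table(paths, threshold):
    """Claim 7: label by threshold, sort each group, focus group stored first."""
    rows = [(name, risk_value(risk_contributions(n, d))) for name, n, d in paths]
    focus = sorted((r for r in rows if r[1] > threshold), key=lambda r: -r[1])
    rest = sorted((r for r in rows if r[1] <= threshold), key=lambda r: -r[1])
    return [("FOCUS", *r) for r in focus] + [("NORMAL", *r) for r in rest]


PATHS = [  # constructed sample paths: (name, node sequence, defences)
    ("P1", ["open_debug_port", "weak_whitelist", "config_write"], {}),
    ("P2", ["open_debug_port", "weak_whitelist"], {"open_debug_port": "port_auth"}),
    ("P3", ["frame_inject", "bus_flood", "config_write"],
     {"frame_inject": "frame_mac"}),
]

if __name__ == "__main__":
    for row in ranking_table(PATHS, threshold=0.3):
        print(row)
```

Path P3 shows the pruning branch: its first node is defended strongly enough that the rate drops below the cutoff with nodes still remaining, so its contributions are zeroed and it sorts last.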

Description

Avionics system safety resource deployment method and medium based on attack defense tree

Technical Field

The embodiments of the disclosure relate to the technical field of computers, in particular to an avionics system safety resource deployment method and medium based on an attack defense tree.

Background

The increasing openness of avionics systems requires that network security be incorporated into future airworthiness approval and periodic maintenance. However, the operating environment of an avionics system is extremely constrained and the defensive resources that can be allocated are severely limited, so how security resources are deployed affects the overall security of the system. This motivates techniques for deploying the defensive resources, that is, the security resources, of the avionics system.

At present, the defensive resources of an avionics system are generally deployed as a pre-configured fixed security strategy (such as a communication whitelist, access control rules and the like). The security strategy is kept unchanged for the whole service period; if it needs to be adjusted, it is manually evaluated and manually updated, and the updating process is not linked to system configuration changes.

However, when the defensive resources of the avionics system are deployed in the above manner, the following technical problems often exist:

Avionics systems may undergo configuration changes during service due to software upgrades, peripheral access, or communication interface extensions, introducing new functional components and potential attack paths. A pre-configured fixed security strategy lacks an automatic sensing mechanism for configuration change events, so the original defense strategy does not provide full coverage and the protection safety of the avionics system is lower.

The actual risks of different attack paths are not quantitatively evaluated, and deployment is not optimized against the strict resource constraints of the avionics system (such as CPU allowance <1% and memory at KB level only), so high-risk paths easily go unprotected because of insufficient resources, and the protection safety of the avionics system is low.

The above information disclosed in this background section is only for enhancement of understanding of the background of the inventive concept and, therefore, may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.

Disclosure of Invention

The disclosure is in part intended to introduce concepts in a simplified form that are further described below in the detailed description. The disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

Some embodiments of the present disclosure propose avionics system security resource deployment methods, apparatus, electronic devices, and computer readable media based on attack defense trees to address one or more of the technical problems mentioned in the background section above.

According to the first aspect, some embodiments of the present disclosure provide a method for deploying security resources of an avionics system based on an attack defense tree. The method comprises: in response to detecting a system configuration change event of a preset avionics system, obtaining function component information corresponding to the system configuration change event; constructing the attack defense tree based on the function component information and a pre-stored defense knowledge base; traversing the attack defense tree to obtain attack path information, wherein each attack path information comprises an attack target root node and an attack path, the attack path comprises an attack path node sequence and at least one defense node, and each defense node in the at least one defense node corresponds to one attack path node in the attack path node sequence; performing risk detection processing on each attack path information to obtain each risk value; performing risk threshold driving labeling and sorting processing on each attack path information based on each risk value to obtain a labeled attack path information sorting table; executing defense combination optimizing processing under resource constraint according to the labeled attack path information sorting table and preset security resource constraint information to generate defense deployment information; generating an executable defense deployment work order based on the defense deployment information; and loading the defense deployment work order to the preset avionics system so that the preset avionics system can execute the defense tasks corresponding to the defense deployment work order, so that the security resources corresponding to the defense deployment work order can be allocated to target hardware components or software services and the security configuration corresponding to the security resources can be activated. In a second aspect, some embodiments of the present disclosure